Looking for a profile update hook with uncrypted password

The password handling uses a one way hash cipher. It’s essentially impossible to determine the password from the resulting hash. Passwords are verified by hashing the user input and comparing it to the stored hash value. This only works inter-platform if both platforms not only use the same hash function, but also use the exact same salt.

I’m not answering your question, but I hope you better understand what you’re dealing with now.

PS: The password reset is unencrypted, but the user is forced to change the password once they use it, so it doesn’t really help here.

Interestingly, the monsterID icons next to our usernames use a similar system. The monster is created from a hash of your email address. It’s impossible to derive your email address from the monster elements, but the email is hashed the same way each time so you always get the same monster, even on different sites, because the salt is built into the monsterID function.