Encrypting Passwords Is A Waste Of Time

Encrypting passwords is no longer a vital operation, and these days seems mostly useless. Why? I'll tell you.

With rainbow tables so easy to access, the chance that your password (or those of your clients) can be cracked (matched, actually) is pretty good, and getting better every day. But there's more to it than that.

If an attacker owns your site, they already have access to your database, so they don't need to crack passwords. They can simply replace any password hashes with their own, log in, and then do as they please. If they want to be neat about it, they can replace the hash with the original after they're done, and no one would be the wiser.
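A defender's view of the swap-and-restore sequence described above, as an added example that is not part of the original post: it assumes a hypothetical audit trail that records every write to the password-hash column plus login events, and flags any hash that is set back to its exact earlier value. The schema, field names and sample rows are all constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit trail (hypothetical schema, not from the post):
# (timestamp, user, event, old_hash, new_hash). "hash_change" rows would come
# from something like a trigger on the password-hash column.
AUDIT = [
    ("2024-05-01T09:00:00", "alice", "hash_change", "h_a1", "h_a2"),
    ("2024-05-02T02:10:00", "bob", "hash_change", "h_b1", "h_x9"),
    ("2024-05-02T02:11:30", "bob", "login", None, None),
    ("2024-05-02T02:40:00", "bob", "hash_change", "h_x9", "h_b1"),
    ("2024-05-03T11:00:00", "carol", "hash_change", "h_c1", "h_c2"),
    ("2024-05-03T11:05:00", "carol", "login", None, None),
]


def find_swap_and_restore(rows, window=timedelta(hours=24)):
    """Flag hashes that were changed and then set back to the exact old value."""
    findings = []
    history = {}  # user -> earlier hash changes still being watched
    for ts, user, event, old, new in sorted(rows, key=lambda r: r[0]):
        when = datetime.fromisoformat(ts)
        changes = history.setdefault(user, [])
        if event == "login":
            for change in changes:
                change["logins"] += 1  # count logins seen after each change
        elif event == "hash_change":
            for change in changes:
                if new == change["old"] and when - change["time"] <= window:
                    findings.append({
                        "user": user,
                        "swapped_at": change["time"],
                        "restored_at": when,
                        "logins_between": change["logins"],
                    })
            changes.append({"time": when, "old": old, "new": new, "logins": 0})
    return findings


if __name__ == "__main__":
    for f in find_swap_and_restore(AUDIT):
        print(f"{f['user']}: hash replaced {f['swapped_at']} and restored "
              f"{f['restored_at']} with {f['logins_between']} login(s) between")
```

The check is most reliable when each stored hash carries its own random salt, because a legitimate password change then never reproduces an earlier hash byte for byte.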

If they have access to your code, they can easily determine any salts you use to make the password hashes, so using a password salt isn't going to help either.

All in all, encrypting passwords seems more and more like a waste of time. It's a feel-good measure that doesn't really provide any added security.



