Please see my comment to the question to understand that you should not expect your work done for you. Also, your school gives you a chance to learn something. Later on, you just might not have enough time to learn all you want, so use this chance well — life is too short.

Some general recommendations:

Passwords are not stored anywhere; this is absolutely not needed for authentication.

Disagree? Feel puzzled? Keep reading.

One of the ways of solving this problem which is usually used is calculation of a

*cryptographic hash function* in both cases and storing the hash. If you want to say that this stored value is just the encrypted password, think again. The big difference is: the cryptographic hash cannot be decrypted at all, this is a

*one-way function*. So, it's

*infeasible* to calculate a password from hash (and, of course, it has nothing to do with system permissions: this is equally infeasible for anyone). And this is not needed: you just store hash and compare hash with hash.

Please see:

http://en.wikipedia.org/wiki/Cryptographic_hash_function[

^],

http://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability[

^].

Don't use MD5 or SHA-1 — they are found to be broken; better use one from the SHA-2 family:

http://en.wikipedia.org/wiki/MD5[

^],

http://en.wikipedia.org/wiki/SHA-1[

^],

http://en.wikipedia.org/wiki/SHA-2[

^].

Please see my past answers:

storing password value int sql server with secure way[

^],

Decryption of Encrypted Password[

^].

—SA