f0dder though seems like you've had experience in this. How would you use a hash to bypass a password? That was implied in one of the earlier posts, that having the hash is as good as having the password.
-vixay
It depends on how it's utilized. But consider a solution where you enter your passphrase, but instead of sending the passphrase to the server for validation, a hash of the passphrase is sent. This could be done "for security", to avoid having your passphrase being transmitted, and thus be snoopable. With that method, you can still snoop the hash though...
Another method is to send a hash of (session-unique-data + passphrase), which APOP/CRAM-MD5 does, that's pretty nice and means people will never see your passphrase, you cannot simply use the hash, etc... but it also means the passphrase has to be stored plain-text (or encrypted but with auto-decrypt which is essentially the same level of security as plaintext) serverside.