Basic Overview for Password – Hash, Encryption, Salt, etc…

Here is a simple and clear explanation of what these terms mean, quoted from the CNET article linked below.

https://www.cnet.com/uk/news/hackers-passwords-your-guide-to-data-breaches-yahoo-ashley-madison/

Is it encrypted, hashed, neither or both?

In a standard breach notification, you’ll often get some information about how the company stored your data before hackers stole it. It may seem like a foreign language, but not once you get the hang of it.

Plain Text — If your information was stolen in plain text, that means it can be read by anyone. This is the worst-case scenario, because it leaves your data completely vulnerable to identity thieves or foreign governments.

Encrypted — When you log in to a website over a secure connection, your username and password are encrypted, or scrambled. That means no one intercepting your traffic can swipe your password or other info. Encryption is reversible, so when your password gets to the other side — to an authorized recipient — the website can read it.

Hashed — Sometimes you’ll read that your password was “hashed,” and this isn’t a reference to savory breakfast potatoes. A hashing algorithm converts passwords of any length into a random, fixed-length string of characters. Unlike encryption, hashing isn’t designed to be reversible. Web services often store the hashed version of your password on their systems, instead of your real password. When you log in to your account, the site’s servers will run the same hashing algorithm on the password you submit and compare it to the hashed version it was storing.

Salted and peppered — Often, passwords are both hashed and salted, and sometimes there’s pepper thrown in. Again, I promise this has nothing to do with hash browns. The salt is a mathematical tool that attaches more random characters to the hashed version of the password, normally at the beginning. Pepper attaches the random characters to the end of the hashed version. They both make the hash even harder to crack and turn back into your password.

MD5 — This is a hashing algorithm, and not a very good one. In 2004, researchers began to find ways to “break” the algorithm, as well as the NSA-created SHA and SHA-1, prompting security expert Bruce Schneier to call for advances in hashing algorithms.

“It’s better than nothing, but really it’s not,” said Steve Manzuik, director of security research at cybersecurity firm Duo Security.

Passwords stolen in the 2013 hack of 1 billion Yahoo user accounts were hashed with MD5. Other hashing algorithms have been developed in the last decade, from SHA-2 to SHA-256. By the time Yahoo passwords were stolen again in 2014, the company had begun using another hashing function called Bcrypt…

Bcrypt — This is another hashing function that takes a different approach than MD5 and the SHA family of algorithms. It’s meant to be robust, standing up to various techniques for cracking the code and turning hashes back into passwords. Like hashing functions Scrypt and PBKDF2, Bcrypt achieves this without needing all that extra salt and pepper. Still, if your password is easy to guess, this isn’t foolproof.
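To make the hashing, salting and verification steps from the article concrete, here is an added example in Python that is not part of the CNET article or this blog. It contrasts the unsalted MD5 storage the article attributes to the 2013 Yahoo breach with a salted, iterated PBKDF2-HMAC-SHA256 record, and shows the verify step (re-run the same algorithm on the submitted password and compare) using only the Python standard library. The `pbkdf2_sha256$iterations$salt$hash` record layout and the sample passwords are this example's own constructed conventions, not anything taken from the article.

```python
import hashlib
import hmac
import os


def md5_unsalted(password: str) -> str:
    """Plain MD5 of the password with no salt, the scheme the article says
    Yahoo used in 2013. Shown only to illustrate the weakness: every user
    with the same password gets the same hash, so one cracked hash (or a
    precomputed table) exposes all of them at once."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password: str, iterations: int = 100_000) -> str:
    """Build a storable credential record using a per-user random salt and
    an iterated, deliberately slow hash (PBKDF2-HMAC-SHA256).

    Record layout (this example's own convention, assumed not standard):
        pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>
    The salt is not secret; it is stored next to the hash so that verify()
    can reproduce the computation. Its job is to make identical passwords
    produce different hashes and to defeat precomputed lookup tables.
    """
    salt = os.urandom(16)  # 128-bit random salt, fresh for every record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """The login-time check the article describes: run the same algorithm,
    with the stored salt and iteration count, over the submitted password
    and compare the result to the stored hash. The comparison is done in
    constant time so timing differences do not leak how many bytes matched."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algo != "pbkdf2_sha256" or iterations <= 0:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, expected)


def same_password_collides(scheme: str, password: str) -> bool:
    """Return True if two users choosing the same password end up with
    identical stored values under the given scheme ('md5' or 'pbkdf2').
    Unsalted MD5 collides; the salted scheme does not."""
    if scheme == "md5":
        return md5_unsalted(password) == md5_unsalted(password)
    if scheme == "pbkdf2":
        return make_record(password) == make_record(password)
    raise ValueError(f"unknown scheme {scheme!r}")


if __name__ == "__main__":
    # Constructed sample password for the demonstration; not a real credential.
    sample = "correct horse battery staple"
    print("unsalted MD5 collides for shared passwords:", same_password_collides("md5", sample))
    print("salted PBKDF2 collides for shared passwords:", same_password_collides("pbkdf2", sample))
    record = make_record(sample)
    print("stored record:", record)
    print("correct password verifies:", verify(sample, record))
    print("wrong password verifies:  ", verify("hunter2", record))
```

The iteration count is what makes each guess expensive for an attacker holding a stolen database; tune it to the slowest login latency the service will accept, and store it in the record (as above) so it can be raised later without invalidating existing users.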