// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if ( empty($wp_hasher) ) {
require_once( ABSPATH . 'wp-includes/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, TRUE);
}
First: I assume you mean that Wordpress _definitely_ encrypts their passwords, not defiantly.
Second: What is your proof they they are hashing passwords, salted or not?