I don't get the Base64 encryption.

If one can decrypt a Base64 string, what is it's purpose?

Why is it being used for HTTP Basic auth?

It's like telling to someone my password is reversed into OLLEH.

People seeing OLLEH will know the original password was HELLO.


Base64 is not encryption -- it's an encoding. It's a way of representing binary data using only printable (text) characters.

See this paragraph from the wikipedia page for HTTP Basic Authentication:

While encoding the user name and password with the Base64 algorithm typically makes them unreadable by the naked eye, they are as easily decoded as they are encoded. Security is not the intent of the encoding step. Rather, the intent of the encoding is to encode non-HTTP-compatible characters that may be in the user name or password into those that are HTTP-compatible.
