With passwords, it should be the latter - a salted hash (and it should be a secure, unbroken hashing algorithm - not MD5 or SHA-1, for example, once popular algorithms which have been broken and should no longer be used).

For those who don't know the difference: easily encrypted passwords can be just as easily decrypted (provided you have the encryption key), while a good salted hash cannot be decrypted in a reasonable amount of time.

Of course all this is worth nothing if the password is weak in the first place. Short passwords or passwords consisting of words in the dictionary are worthless.