The pwd parameter is always 32 characters long, so I assume it's either a hash or a random nonce, rather than a direct encoding of the password.