by e12e 3664 days ago
Technically, they might have been able to take the new password, which would traditionally not have been hashed on the client side, and try and permute it to see if it hashed to the same value as the old hash. Granted, with current best practices in stretching, it probably shouldn't have been feasible to do even that -- but for salt+sha1 it might have worked.

They probably didn't though.
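
The check the comment above describes, sketched as an added example that is not part of the original comment or any service's code: at password-change time the server holds the new password in plaintext, so it can hash near-neighbours of it against the stored old hash. The variant rules, function names, salt and sample passwords are constructed assumptions.

```python
import hashlib
import hmac
import re

def salted_sha1(salt: bytes, password: str) -> bytes:
    # The weak scheme named in the comment: one SHA-1 call per guess.
    return hashlib.sha1(salt + password.encode()).digest()

def pbkdf2(salt: bytes, password: str, iterations: int = 100_000) -> bytes:
    # A stretched scheme: every guess costs `iterations` HMAC calls.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def variants(new_password: str, span: int = 3) -> list:
    """Near-neighbours of the new password (constructed rule set)."""
    out = [new_password, new_password[:-1], new_password.swapcase()]
    if new_password:
        out.append(new_password[0].swapcase() + new_password[1:])
    # Last run of digits, e.g. the "2016" in "Summer2016!": try nearby numbers.
    m = re.match(r"^(.*?)(\d+)(\D*)$", new_password, re.S)
    if m:
        head, num, tail = m.groups()
        for delta in range(-span, span + 1):
            n = int(num) + delta
            if delta and n >= 0:
                out.append(f"{head}{n:0{len(num)}d}{tail}")
    return list(dict.fromkeys(v for v in out if v))  # de-duplicate, keep order

def resembles_old(new_password, salt, old_hash, hash_fn=salted_sha1):
    """Return (matched, guesses_hashed) for one password-change request."""
    tried = 0
    for candidate in variants(new_password):
        tried += 1
        if hmac.compare_digest(hash_fn(salt, candidate), old_hash):
            return True, tried
    return False, tried

if __name__ == "__main__":
    salt = b"constructed-salt"                    # constructed sample data
    old_hash = salted_sha1(salt, "Summer2015!")   # what the server has stored
    print(resembles_old("Summer2016!", salt, old_hash))
```

With salt+SHA-1 each guess is a single hash call, so even a much larger variant set is cheap per request; passing `pbkdf2` as `hash_fn` multiplies every guess by the iteration count, which is the cost the comment says stretching imposes.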