|
|
|
|
|
|
by ignignokt
5013 days ago
|
|
|
They don't need to know the original password, they first check if your supplied password (which can be greater than 16 characters) when hashed matches the hash they have in the database currently, then if it does and it's greater than 16 characters truncate the length of the password you supplied to 16 and then hash that and update the database with it. |
|
|