Possibly, though I'd lean more toward the password list coming from a phishing site, in which case everything would be in the clear, and testing it against their own properly salted, hashed password database would be trivial.
On Apr 5, 2016, at 11:18 AM, Joey Kelly via Outages <outages@outages.org> wrote:
On 04/05/2016 10:51 AM, DJ Anderson via Outages wrote:
I got one of those a few weeks ago.
When I inquired about it I was told that the password I was using was found on some leaked password list and due to that they had set a temporary password to protect my account.
-DJ
Does that not imply they are not using salted hashes, but storing the passwords in plaintext? Or maybe they're intercepting the passwords and testing them against a dictionary? I might be OK with the latter, maybe (but who appointed them to be the world's password police?)
--Joey Kelly
<snip>
-- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550 _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages