2 comments

[ 0.59 ms ] story [ 14.5 ms ] thread
Took me several reads of this to figure out the context, but now I think I understand it.

I think this answers the question about how passwords at what seems to be a large financial firm are stored - after all, there's only one way to know which of the characters in the stored password are special...

There's a few different ways, if they need to say they store them hashed, maybe they are hashing a T9 version (at severely reduced entropy).