On 03/09/06, Leon Weber leon.weber@leonweber.de wrote:
They shouldn't be able to check this, since passwords are stored as md5-hashes in the DB, no?
I recall coming across a page somewhere where Tim posted a list of all users who appeared to be using the same password; this was a long time ago, before salted hashing, I guess...
...your own conclusions draw you shall. :) Incidentally, the page was blanked, deleted etc. and Brion was not a happy system admin. This is also no longer possible to determine since we salt password hashes, so Don't Panic.
Rob Church