This is not what he meant. If the password is xyz he stores the hash (f*) for xyz and xy. When you change your password to xyb, it compares fxyz to the first saved hash and a truncated fxy to the second saved hash, flagging if you’ve only changed the last character. The mask length could be arbitrary and there can be many saved hashes at the expense of making password resets slow.
Yep, that’s what I meant. Pretty sure my company does this, because they can detect this, and I know enough of our IT to believe they’re not storing passwords in plaintext.
This is not what he meant. If the password is xyz he stores the hash (f*) for xyz and xy. When you change your password to xyb, it compares fxyz to the first saved hash and a truncated fxy to the second saved hash, flagging if you’ve only changed the last character. The mask length could be arbitrary and there can be many saved hashes at the expense of making password resets slow.
I get it now. They’re comparing only trunks because the hash of the trunk wouldn’t change.
Yep, that’s what I meant. Pretty sure my company does this, because they can detect this, and I know enough of our IT to believe they’re not storing passwords in plaintext.