It's not good to send a clear-text user password to yet another system
-> send it hashed
But a full hash might still be vulnerable to a rainbow table attack
-> let's use only a part of the hash, AND reject full hashes.
In summary, I believe they tried to avoid creating more ways in which user passwords could be leaked.
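The scheme described in the comment above, sketched as an added example that is not part of the original comment or any real service's code. SHA-1, the 5-character prefix length, the sample corpus and all function names are assumptions chosen for illustration.

```python
import hashlib
import re

PREFIX_LEN = 5  # assumption: number of hex characters the client is allowed to send
PREFIX_RE = re.compile(r"[0-9A-F]{%d}" % PREFIX_LEN)

# Constructed sample corpus standing in for the service's leaked-password data.
SAMPLE_LEAKED = ["password", "123456", "letmein"]


def digest(password: str) -> str:
    """Hex digest used by both sides (SHA-1 is an assumption of this example)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Server side: group hash suffixes by their prefix."""
    index = {}
    for pw in passwords:
        h = digest(pw)
        index.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])
    return index


INDEX = build_index(SAMPLE_LEAKED)


def range_query(prefix: str):
    """Server side: accept only a hash prefix and reject anything longer.

    Refusing full hashes means a misbehaving client cannot hand the service
    a value that could be looked up in a rainbow table.
    """
    prefix = prefix.upper()
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("expected exactly %d hex characters" % PREFIX_LEN)
    return sorted(INDEX.get(prefix, ()))


def is_leaked(password: str, query=range_query) -> bool:
    """Client side: send the prefix only, compare the suffix locally."""
    h = digest(password)
    return h[PREFIX_LEN:] in query(h[:PREFIX_LEN])


if __name__ == "__main__":
    for candidate in ("password", "a-constructed-unlisted-passphrase"):
        print(candidate, "->", "leaked" if is_leaked(candidate) else "not found")
```

The server only ever sees the prefix, which many different passwords share; the match decision is made on the client.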