@json: Perhaps they’re moving to a salted hash which would make it MUCH harder to guess the password without knowing the salt?

Confused by Salted Hash: http://www.aspheute.com/english/20040105.asp explains it pretty well.