@xor in the general case, you're right, but we also have no idea how the site is hashing the passwords etc. I figure statistically we're screwed since the number of sites that require a password and that people use has grown exponentially