Possibly, but I sure would like some data on this. Theoretically, I could try this out by getting approved from the CIO first and then just checking the hash vs the hash for passwordpasswordpassword and passwordpasswordpasswordpassword as well as any password in the top 100 from the previous leak that was > 16 characters (not sure if there are any). As said, I'd like some to get some real data as opposed to stipulations, but obviously it's hard to get this kind of data.
