This implements the previously documented hashed password support. While implementing that, I noticed a security hole, which this commit also fixes..