That's my thought too. If you're susceptible to this kind of attack the problem is the lack of basic salting + hashing to create a fixed length password.