I'm with you - I have wondered all along how someone was supposed to rig the salting to generate the same hash for a different password.
As for the whitelisting - the only way I could think of doing it is to fix the salt for a specific account and hardwire it into the hashing code itself. Not impossible, but certainly not a simple task either.
Personally I'm waiting for a trip coded drop with a zero delta before I'm 100% convinced.
I'm with you - I have wondered all along how someone was supposed to rig the salting to generate the same hash for a different password.
As for the whitelisting - the only way I could think of doing it is to fix the salt for a specific account and hardwire it into the hashing code itself. Not impossible, but certainly not a simple task either.
Personally I'm waiting for a trip coded drop with a zero delta before I'm 100% convinced.