This ensures that the server never knows exactly which password the user is checking, as it only sees a range of possible hashes shared by potentially thousands of other users.
