OK, great. Glad that was clear.
Regarding the vault reports, there is a very good explanation that should help you here:
Cheers!
Ah, yes, that does explain it perfectly. I guess I should have looked in the most obvious place first, before venturing on Google 
Something I’m still wondering about, then, is how each unique password is hashed (to obtain the first 5 digits). Does my local client hash each one separately (without salting or peppering) in a standard way, and then send them all off so the first 5 digits can be compared?
Sorry for so many questions, this is all new to me.
Hi @bquest - if you want the full details, see here:
1 Like
Thanks - lots of great info! I think I understood most of everything in there. And when it says "The returned matching list of hashes is then locally compared with the full hash of your passwords, I think they mean local on the client machine?
Thanks again for all your time and insight - this was very helpful, and I now have a much better understanding!!
1 Like
Yes, by locally they mean on the client side. Glad you found the information helpful. Cheers!