It ran its test against passwords, encrypted with the method used on most websites. In this case, it was bcrypt, which was the most widespread, according to the data from previous breaches.