
> If you're saving the hash of original PassWORD, then transforming the erroneously entered pASSword to lower case will still produce a different hash from t[h]e one you have saved.

This is true, but it's not a response to your parent comment,

> You can do what Facebook does without storing the passwords as lower case. If someone tries to log in, and the password doesn't match, then just transform it that way and try again.

1. Store the hash of "PassWORD".

2. Receive erroneous "pASSword", hash it, find the hash isn't right.

3. Reverse the case of the bad input to get "PassWORD", hash that, find it matches.

At no point was it necessary to store the hash of "password".



Oh, you mean only the transformation of inverting the case. But I believe that originally we were talking about any mistakes with case, not only inversion.
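The three-step check discussed in this thread, as an added example that is not part of either comment: only the hash of the password as chosen is stored, and a failed login is retried once with the case inverted. The PBKDF2 parameters and the function names `enroll`, `candidates` and `verify` are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

ITERATIONS = 200_000  # assumed work factor, chosen for this example only


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str) -> Tuple[bytes, bytes]:
    """Step 1: store only a salt and the hash of the password exactly as chosen."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def candidates(submitted: str) -> List[str]:
    """Inputs to hash, in order: as typed, then with every letter's case inverted."""
    out = [submitted]
    inverted = submitted.swapcase()
    # Skip the retry when inversion changes nothing, or when it does not
    # round-trip (for example 'ß' becomes 'SS'), since that is not a Caps Lock slip.
    if inverted != submitted and inverted.swapcase() == submitted:
        out.append(inverted)
    return out


def verify(submitted: str, record: Tuple[bytes, bytes]) -> Optional[str]:
    """Steps 2 and 3: return which variant matched, or None if neither did."""
    salt, stored = record
    for label, cand in zip(("exact", "case-inverted"), candidates(submitted)):
        # Constant-time comparison of the derived hash against the stored one.
        if hmac.compare_digest(_derive(cand, salt), stored):
            return label
    return None


if __name__ == "__main__":
    record = enroll("PassWORD")  # constructed sample password from the thread
    for attempt in ("PassWORD", "pASSword", "password", "PASSWORD"):
        print(attempt, "->", verify(attempt, record))
```

Only full inversion is recovered; "password" and "PASSWORD" are rejected because their hashes were never stored and are not among the retried variants. Each failed login costs up to two key derivations, so rate limiting should count it as one attempt that tested two candidates.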



