Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.
That’s fine and normal
Comment on Larion Studios forum stores your passwords in unhashed plaintext.
tb_@lemmy.world 1 year agoBut that still means they had your plaintext password at some point.
Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.
That’s fine and normal
When you create an account you type your password in. This gets sent to the server, and then it is hashed and stored
So there is a period of time where they have your unhashed password
This is true of every website you have ever made a password on
So why would an agent at Larian have man-in-the-middle access between the password being sent to the server, and the auto-hash?
Um. Yeah, because you provided it to them. They have to have it in plain text in order to hash it.
vox@sopuli.xyz 1 year ago
hashing on client side is considered a bad idea and almost never done.
sleepy555@lemmy.world 1 year ago
Really everytime you log in too.
wim@lemmy.sdf.org 1 year ago
It’s not a bad idea and it is often done, just not in a browser/webapp context.
hotdoge42@feddit.de 1 year ago
Can you give an example where this is done?
wim@lemmy.sdf.org 1 year ago
HMAC relies on hashing of a shared secret for verifying authenticity and integrity of a message, for example.