Cabrio@lemmy.world to Games@lemmy.worldEnglish · 9 months agoLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldimagemessage-square191fedilinkarrow-up1425arrow-down1144file-text
arrow-up1281arrow-down1imageLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldCabrio@lemmy.world to Games@lemmy.worldEnglish · 9 months agomessage-square191fedilinkfile-text
Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
minus-squaretb_@lemmy.worldlinkfedilinkEnglisharrow-up9arrow-down8·edit-29 months agoBut that still means they had your plaintext password at some point. Edit: which, as some replies suggest, may not actually be much of an issue. I’m still skeptical about them returning it, however.
minus-squarevoxel@sopuli.xyzlinkfedilinkEnglisharrow-up14arrow-down1·edit-29 months agohashing on client side is considered a bad idea and almost never done. you actually send your password “in plain text” every time you sign up.
minus-squaresleepy555@lemmy.worldlinkfedilinkEnglisharrow-up3·9 months agoReally everytime you log in too.
minus-squarewim@lemmy.sdf.orglinkfedilinkEnglisharrow-up1arrow-down5·9 months agoIt’s not a bad idea and it is often done, just not in a browser/webapp context.
minus-squarehotdoge42@feddit.delinkfedilinkEnglisharrow-up2·9 months agoCan you give an example where this is done?
minus-squarewim@lemmy.sdf.orglinkfedilinkEnglisharrow-up3·edit-29 months agoSorry, I should have included an example in my comment to clarify, but I was in a rush. HMAC is a widely used technique relies on hashing of a shared secret for verifying authenticity and integrity of a message, for example.
minus-squareHexarei@programming.devlinkfedilinkEnglisharrow-up4arrow-down2·9 months agoUm. Yeah, because you provided it to them. They have to have it in plain text in order to hash it.
But that still means they had your plaintext password at some point.
Edit: which, as some replies suggest, may not actually be much of an issue.
I’m still skeptical about them returning it, however.
hashing on client side is considered a bad idea and almost never done.
you actually send your password “in plain text” every time you sign up.
Really everytime you log in too.
It’s not a bad idea and it is often done, just not in a browser/webapp context.
Can you give an example where this is done?
Sorry, I should have included an example in my comment to clarify, but I was in a rush.
HMAC is a widely used technique relies on hashing of a shared secret for verifying authenticity and integrity of a message, for example.
deleted by creator
Um. Yeah, because you provided it to them. They have to have it in plain text in order to hash it.