Larion Studios forum stores your passwords in unhashed plaintext. - eviltoast

Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • fireflash38@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    There are ways to have passwords transmitted completely encrypted, but it involves hitting the backend for a challenge, then using that challenge to encrypt the password client side before sending. It still gets decrypted on the backend tho before hash and store.

    • Kevin@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Yeah, but SSL/TLS also solves that problem in a standardized way.

      In either case, the backend will have the plaintext password regardless of how it’s transmitted.