klausklemens

joined 1 year ago
[email protected] 6 points 1 year ago* (last edited 1 year ago)

If the threat is an evil admin who can change the code, it doesn't matter. The admin could change the server code to store unencrypted passwords, they could change the client code to send unencrypted passwords, they could make clients post plaintext passwords whenever you log in. Hashing is damage control in case someone absconds with the password database.

[email protected] 14 points 1 year ago (7 children)

How do you know that an admin has my plain text password? Typically passwords are stored hashed. Do Lemmy instances not do this?