minus-squareiSoSyS@lemmy.pttoYou Should Know@lemmy.world•YSK: Your Lemmy activities (e.g. downvotes) are far from privatelinkfedilinkEnglisharrow-up7·1 year agoI didn’t read the source code too deeply, but it appears the server receives the password, and only then it is hashed. How does it work? POST -> HTTPS -> SERVER -> hashing hashing -> POST -> HTTPS -> SERVER Is it option 1 or 2 (or other). If option 1 an evil admin can collect the password, or am I misinterpreting something? linkfedilink
I didn’t read the source code too deeply, but it appears the server receives the password, and only then it is hashed. How does it work?
Is it option 1 or 2 (or other). If option 1 an evil admin can collect the password, or am I misinterpreting something?