iSoSyS

joined 1 year ago
sorted by: new top controversial old
YSK: Your Lemmy activities (e.g. downvotes) are far from private in c/youshouldknow@lemmy.world
[–] iSoSyS@lemmy.pt 7 points 1 year ago (2 children)

I didn't read the source code too deeply, but it appears the server receives the password, and only then it is hashed. How does it work?

  1. POST -> HTTPS -> SERVER -> hashing
  2. hashing -> POST -> HTTPS -> SERVER

Is it option 1 or 2 (or other). If option 1 an evil admin can collect the password, or am I misinterpreting something?