Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.
That’s fine and normal
Comment on Larion Studios forum stores your passwords in unhashed plaintext.
tb_@lemmy.world 2 years agoBut that still means they had your plaintext password at some point.
Kilamaos@lemmy.world 2 years ago
kadu@lemmy.world 2 years ago
[deleted]Vegasimov@reddthat.com 2 years ago
When you create an account you type your password in. This gets sent to the server, and then it is hashed and stored
So there is a period of time where they have your unhashed password
This is true of every website you have ever made a password on
dangblingus@lemmy.world 2 years ago
So why would an agent at Larian have man-in-the-middle access between the password being sent to the server, and the auto-hash?
vox@sopuli.xyz 2 years ago
hashing on client side is considered a bad idea and almost never done.
sleepy555@lemmy.world 2 years ago
Really everytime you log in too.
wim@lemmy.sdf.org 2 years ago
It’s not a bad idea and it is often done, just not in a browser/webapp context.
hotdoge42@feddit.de 2 years ago
Can you give an example where this is done?
wim@lemmy.sdf.org 2 years ago
HMAC relies on hashing of a shared secret for verifying authenticity and integrity of a message, for example.