Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.
That’s fine and normal
Comment on Larion Studios forum stores your passwords in unhashed plaintext.
tb_@lemmy.world 8 months agoBut that still means they had your plaintext password at some point.
Kilamaos@lemmy.world 8 months ago
kadu@lemmy.world 8 months ago
[deleted]Vegasimov@reddthat.com 8 months ago
When you create an account you type your password in. This gets sent to the server, and then it is hashed and stored
So there is a period of time where they have your unhashed password
This is true of every website you have ever made a password on
dangblingus@lemmy.world 8 months ago
So why would an agent at Larian have man-in-the-middle access between the password being sent to the server, and the auto-hash?
vox@sopuli.xyz 8 months ago
hashing on client side is considered a bad idea and almost never done.
sleepy555@lemmy.world 8 months ago
Really everytime you log in too.
wim@lemmy.sdf.org 8 months ago
It’s not a bad idea and it is often done, just not in a browser/webapp context.
hotdoge42@feddit.de 8 months ago
Can you give an example where this is done?
wim@lemmy.sdf.org 8 months ago
HMAC relies on hashing of a shared secret for verifying authenticity and integrity of a message, for example.