this post was submitted on 28 Sep 2023
324 points (75.8% liked)

Games

32507 readers
1548 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
quinten@lemmy.world
shitpostpolice@lemmy.world
Dremor@lemmy.world
Dremor@jlai.lu
324
Larion Studios forum stores your passwords in unhashed plaintext. (lemmy.world)
submitted 1 year ago by Cabrio@lemmy.world to c/games@lemmy.world
215 comments fedilink hide all child comments
 

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments
[–] poopsmith@lemmy.world 4 points 1 year ago* (last edited 1 year ago) (2 children)

Maybe I'm misunderstanding you, but backend servers will almost always have the user-submitted password in plaintext as a variable, accessible to the backend server and any upstream proxies.

It's even how it's done in Lemmy. The bcrypt verify accepts the plaintext password and the expected salted hash.

[–] fireflash38@lemmy.world 2 points 1 year ago

There are ways to have passwords transmitted completely encrypted, but it involves hitting the backend for a challenge, then using that challenge to encrypt the password client side before sending. It still gets decrypted on the backend tho before hash and store.