323

Larion Studios forum stores your passwords in unhashed plaintext. (lemmy.world)

submitted 11 months ago by Cabrio@lemmy.world to c/games@lemmy.world

216 comments fedilink hide all child comments

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments

[-] RonSijm@programming.dev 2 points 11 months ago* (last edited 11 months ago)

In your original comment, it seemed like you were suggesting hashing only before transmission

Ok, that wasn't what I was suggesting, no. That would effectively make your password hash the password itself - and it would kinda be stored in PlainText on the server, if you skip the client auth and send that value to the server directly through the api or something

how does such a service (like Proton Mail) perform this in a web browser without having access to the data necessary to decrypt all of the data it’s sending? [...] do you send down an encrypted private key that can only be decrypted with the user’s password?

Yes, pretty much. I can't really find a good, detailed explanation from Proton how it exactly works, but LastPass uses the same zero-knowledge encryption approach - which they explained with some diagram here - with a good overview of the client/server separation of it's hashing.