[-] klausklemens@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

If the threat is an evil admin who can change the code it doesn't matter. The admin could change the server code to store unencrypted passwords, they could change the client code to send unencrypted passwords, they could make clients post plaintext passwords whenever you login. Hashing is damage control incase someone absconds with the password database.

[-] klausklemens@lemmy.world 15 points 1 year ago

How do you know that an admin has my plain text password? Typically passwords are stored hashed. Do Lemmy instances not do this?

klausklemens

joined 1 year ago