[-] iSoSyS@lemmy.pt 7 points 1 year ago

I didn't read the source code too deeply, but it appears the server receives the password, and only then it is hashed. How does it work?

  1. POST -> HTTPS -> SERVER -> hashing
  2. hashing -> POST -> HTTPS -> SERVER

Is it option 1 or 2 (or other). If option 1 an evil admin can collect the password, or am I misinterpreting something?

iSoSyS

joined 1 year ago