this post was submitted on 05 Jul 2024
95 points (99.0% liked)

Cybersecurity

5847 readers
33 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] decisivelyhoodnoises 9 points 5 months ago* (last edited 5 months ago) (1 children)

My browser uses the same algorithm, so the text I entered is "2gtth5" now. The server looks up my hashed password

This is not correct. Your browser will submit "shark" and then the backend server will do whatever hashing is required and after that it will compare the hashes. If hashing was happening in the browser that would mean that an attacker would be be able to attack by using just the hashes of the passwords, not the passwords themselves. Also in such case, the browser would had been responsible to do the required salting which in turn would make it pointless as it would had been known.

[โ€“] [email protected] 5 points 5 months ago* (last edited 5 months ago)

Ah that makes sense let me put an asterisk on that then