this post was submitted on 28 Sep 2023
320 points (75.6% liked)

Games

32431 readers
1055 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
 

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments
[–] tb_@lemmy.world 10 points 1 year ago* (last edited 1 year ago) (3 children)

But that still means they had your plaintext password at some point.

Edit: which, as some replies suggest, may not actually be much of an issue.
I'm still skeptical about them returning it, however.

[–] vox@sopuli.xyz 15 points 1 year ago* (last edited 1 year ago) (2 children)

hashing on client side is considered a bad idea and almost never done.
you actually send your password "in plain text" every time you sign up.

[–] sleepy555@lemmy.world 3 points 1 year ago

Really everytime you log in too.

[–] wim@lemmy.sdf.org -4 points 1 year ago (2 children)

It's not a bad idea and it is often done, just not in a browser/webapp context.

[–] hotdoge42@feddit.de 2 points 1 year ago (1 children)

Can you give an example where this is done?

[–] wim@lemmy.sdf.org 3 points 1 year ago* (last edited 1 year ago)

Sorry, I should have included an example in my comment to clarify, but I was in a rush.

HMAC is a widely used technique relies on hashing of a shared secret for verifying authenticity and integrity of a message, for example.

[–] Kilamaos@lemmy.world 3 points 1 year ago (1 children)

Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.

That's fine and normal

[–] Hexarei@programming.dev 2 points 1 year ago

Um. Yeah, because you provided it to them. They have to have it in plain text in order to hash it.