this post was submitted on 28 Sep 2023
323 points (75.7% liked)


Larian Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

[–] tb_@lemmy.world 10 points 11 months ago* (last edited 11 months ago) (3 children)

But that still means they had your plaintext password at some point.

Edit: which, as some replies suggest, may not actually be much of an issue.
I'm still skeptical about them returning it, however.

[–] vox@sopuli.xyz 15 points 11 months ago* (last edited 11 months ago) (2 children)

hashing on client side is considered a bad idea and almost never done.
you actually send your password "in plain text" every time you sign up.

[–] sleepy555@lemmy.world 3 points 11 months ago

Really every time you log in too.

[–] wim@lemmy.sdf.org -4 points 11 months ago (2 children)

It's not a bad idea and it is often done, just not in a browser/webapp context.

[–] hotdoge42@feddit.de 2 points 11 months ago (1 children)

Can you give an example where this is done?

[–] wim@lemmy.sdf.org 3 points 11 months ago* (last edited 11 months ago)

Sorry, I should have included an example in my comment to clarify, but I was in a rush.

HMAC is a widely used technique that relies on hashing of a shared secret for verifying authenticity and integrity of a message, for example.

[–] Kilamaos@lemmy.world 3 points 11 months ago (1 children)

Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.

That's fine and normal

[–] Hexarei@programming.dev 2 points 11 months ago

Um. Yeah, because you provided it to them. They have to have it in plain text in order to hash it.
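
The flow described in the last two comments (the server receives the plaintext, hashes it, and keeps only the hash), as an added example that is not part of the thread. The in-memory `store`, the function names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


def _derive(password, salt, iterations):
    # Slow, salted hash of the plaintext the server received over TLS.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(store, username, password):
    """Sign-up: hash the plaintext, keep only salt + hash, drop the plaintext."""
    salt = os.urandom(16)  # per-user salt, so equal passwords give different hashes
    store[username] = {
        "salt": salt,
        "iterations": PBKDF2_ITERATIONS,
        "hash": _derive(password, salt, PBKDF2_ITERATIONS),
    }


def login(store, username, password):
    """Log-in: the plaintext arrives again and is re-hashed with the stored salt."""
    record = store.get(username)
    if record is None:
        return False
    candidate = _derive(password, record["salt"], record["iterations"])
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, record["hash"])


def record_contains_plaintext(store, username, password):
    """True if the stored record holds the password itself, i.e. the site
    could send it back to the user (the behaviour the post reports)."""
    needle = password.encode("utf-8")
    return any(isinstance(v, bytes) and needle in v
               for v in store[username].values())


if __name__ == "__main__":
    db = {}  # constructed stand-in for the forum's user table
    register(db, "alice", "correct horse battery staple")
    print(login(db, "alice", "correct horse battery staple"))  # True
    print(record_contains_plaintext(db, "alice", "correct horse battery staple"))  # False
```
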