• voxel
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    nope hashing is usually done server-side.
    also counter-intuitively server-side hashing is considered more secure than client side (in case of client side hashing hash becomes the password)

    • I’m not an expert in this, and I did look around after reading your comment. Looks like the password is usually sent as-is, then hashed server side, and matched against hashes in the database. So, the hashes are what’s stored in their database. So, ideally, the server shouldn’t know your password. Also, it can be hashed from client side too, but that becomes redundant since everything is tls encrypted anyway.