• @[email protected]
    3 months ago

    My browser uses the same algorithm, so the text I entered is “2gtth5” now. The server looks up my hashed password

    This is not correct. Your browser will submit “shark” and then the backend server will do whatever hashing is required and after that it will compare the hashes. If hashing was happening in the browser that would mean that an attacker would be able to attack by using just the hashes of the passwords, not the passwords themselves. Also in such a case, the browser would have been responsible for doing the required salting, which in turn would make it pointless as it would have been known.

    • @hoshikarakitaridia
      3 months ago

      Ah, that makes sense. Let me put an asterisk on that then.
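The point made in the first comment above, as an added example that is not part of the thread: a server that salts and hashes the submitted password rejects a leaked hash, while a server that accepts a browser-computed hash treats the leaked value as the credential. The class names, the PBKDF2 iteration count, the username-derived browser salt and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


class ServerSideHashing:
    """Browser submits the password; the server salts, hashes and compares."""

    def __init__(self):
        self.db = {}  # user -> (salt, derived key)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, user, password):
        salt = os.urandom(16)  # per-user random salt, stored next to the hash
        self.db[user] = (salt, self._derive(password, salt))

    def login(self, user, submitted):
        salt, stored = self.db[user]
        return hmac.compare_digest(self._derive(submitted, salt), stored)


class ClientSideHashing:
    """Browser hashes; the server only compares what it receives to what it stores."""

    def __init__(self):
        self.db = {}  # user -> hex digest

    @staticmethod
    def browser_hash(user, password):
        # Any salt used here has to be known to the browser (assumed: the username).
        return hashlib.sha256((user + ":" + password).encode()).hexdigest()

    def register(self, user, password):
        self.db[user] = self.browser_hash(user, password)

    def login(self, user, submitted_hash):
        return hmac.compare_digest(submitted_hash, self.db[user])


def replay_leaked_hash(user="alice", password="shark"):
    """Submit each scheme's stored value, as read from a leaked table, as the login input."""
    server, client = ServerSideHashing(), ClientSideHashing()
    server.register(user, password)
    client.register(user, password)
    leaked_server = server.db[user][1].hex()  # constructed "leak" of the stored hash
    leaked_client = client.db[user]
    return {
        "server_side": server.login(user, leaked_server),  # hashed again, no match
        "client_side": client.login(user, leaked_client),  # hash acts as the password
    }
```
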