• nomad
    2 days ago

    So right and so wrong at the same time. A hash loses information by definition. So you can compare it to a fingerprint and decide if it matches. It can’t be used to reconstruct a fingerprint due to complexity of fingerprints and the complexity. So you can’t reuse the hash to authenticate anywhere, so stealing it has only reduced benefit. Maybe a mass surveillance state might want that to find your fingerprints where you have been, but this is a lot more work than just confirming your phone identifier and forcing the cell company to reveal your whereabouts.

    • Maxxie@piefed.blahaj.zone
      2 days ago

      Which part was wrong?

      Because the hashing happens server-side, it still has access to the original data. Which is why I said

      It can leak if the server is compromised or misconfigured

      • nomad
        2 days ago

        The hash for a password is not that secret. For a strong password it can’t be used for anything bad really.