I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?
I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?
deleted by creator
The first paragraph is correct, but your second paragraph is not. A cryptographic hash function is a lossy one-way function. Knowing exactly how something was hashed does not mean you can turn the hash back into the starting value again.
Oh okay makes sense thanks!
Why would the hash be reversible? SHA256 is public and it’s not reversible