I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?

    • clb92@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      The first paragraph is correct, but your second paragraph is not. A cryptographic hash function is a lossy one-way function. Knowing exactly how something was hashed does not mean you can turn the hash back into the starting value again.

    • iamak@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Oh okay makes sense thanks!

      Why would the hash be reversible? SHA256 is public and it’s not reversible