the string in my C app vs what my node api receives.
@angristan please don't tell me you're sending the password in plain text to the server - oh no
@valiant well this is just a test
@angristan ah I see, nice! I was worried for a second there 👀
The server can't accept a password hash from the client, because if it did then an attacker who stole the hashes from the database could just login by sending the hash (negating the purpose of hashing in the first place)
And encrypting the password before sending it isn't necessary because TLS already encrypts it before sending
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!