klausklemens

If the threat is an evil admin who can change the code it doesn’t matter. The admin could change the server code to store unencrypted passwords, they could change the client code to send unencrypted passwords, they could make clients post plaintext passwords whenever you login. Hashing is damage control incase someone absconds with the password database.

How do you know that an admin has my plain text password? Typically passwords are stored hashed. Do Lemmy instances not do this?