• frezik@midwest.social
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    What? No. No matter where it happens (and it could be on either side, depending on the whims of the programmers), passwords shouldn’t be fiddled with this way. They should be passed through to the password hashing algorithm unchanged. There is no reason to ever fuck with them, and doing so will reduce security.