0x7d0
- 6 Posts
- 4 Comments
Joined 3 years ago
Cake day: June 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
You are describing TLS, which is commonly used for websites and web apps.
Try the following command:
openssl s_client -connect infosec.pub:443The public key, the authority that signed the certificate, and the cypher used will all be visible.
For me, the cipher used is
ECDHE-RSA-AES256-GCM-SHA384.
Because it provides no advantage. TLS is used to secure any data sent to a server. If you don’t trust the server with your password, then you should use a unique password for this website. In fact, you should always use a unique password.
https://www.cloudflare.com/en-ca/learning/ssl/transport-layer-security-tls/
Passwords are always sent to the server, then it is hashed to check it against the value in the database. It’s also possible to view your password by inspecting login requests from other websites. TLS is used to secure it while in transit.
Hashing is done as an extra measure of security in case the database is compromised. This measure of security would have been completely void if the server would accept password hash directly. You could log in as any user by using his compromised hash.
It was quite nostalgic to do the research while writing this article!