Do websites use scripts which allow administrators to reveal users' passwords when they log in?

do websites use scripts which allow administrators to reveal users' passwords when they log in?
if they do i am going to start using Tor.

Thanks for the laugh OP

>I can't into php cuz I'm retarded
wahou, it's next level retardness boy.

what's that funny about it?

Tor is a myth, it's only "secure" if you trust the operators of the exit/transit nodes and even then that wouldn't protect against your little problem user

crackstation.net/hashing-security.htm

>if they do i am going to start using Tor.
Why?

>logging into anything over tor
This is new levels of bait

>can administrators of a website see what i send to that site?
did you really just ask this question?

I asked if website's administrators or CEO can see what was typed in random user's LOG IN password blank.

your info was helpful. Thanks

and? many sites will only store a hash of your password, but they don't /have/ to, they could, if they wanted to, see and store your password as-is
after all, you sent it to them

I'm still not sure what you're asking and it still sounds like you're asking a stupid question.

but user above posted a link where how keeping user's password secret works is explained.
I read password is hashed in a way one can not simply reverse if he doesn't use some kind of attack.
Do you mean not all of the websites use that hashing method to make themselves free to get their users' passwords?

HTTPS probably not
HTTP yes easily

Are you autistic?
They run the database. The password you use on their website is their property

fuck you, faggot.

what i'm saying is any available method to store passwords in a secure manner is optional
they can, if they want to, store any information you submit in plain text

makes no difference, https secures the link between you and the server, meaning only you and the server have access to the information
yes, you and /the server/, which includes anyone with access to the server, such as the administrators

This retard.

he's right though

think of it like a phone call, the person on the other side could record the telephone conversation with any method they like, they don't even need to tell you that they are or how they're doing it

maybe first read something about it before posting nonsense

less dodgy sites will only keep your password in hashed form, as;
1. that's all they need to verify a password
2. they don't need to know your password to access anything else you've submitted anyway

okay putting bait aside, question here
in general, is the password hashed at client side or later at server?
first one seems like the obvious choice

he's right though, isn't he? If the password is transmitted plain text to the website, it will be received that way at the website no matter if TOR or SSL. You should use TOR if you trust your ISP less than the exit node operator, or if you're afraid of a connection between the account and you, TOR doesn't improve the safety of breaking into the account.

yes

Depends on the site. Most do it server-side since
1. JS can't support superior hashing algorithms like bcrypt
2. Clients that have JS disabled can't login

tor hasn't anything to do with what the website provider does with your password, or password hash, so it doesn't add any security, as well as SSL

to what i was referring here was that tor isn't insecure because an exit node is compromised, that's not how it works

depends on the application, but typically it's sent as plain text
why? well if you could verify an account with a hash, then stolen hashes become as big a problem as stolen passwords, you've defeated one advantage to using hashes
and if you generate hashes client-side, you can't benefit from salts, as the salt would need to be accessible by the client in order to generate the proper hash
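
Added example (not part of any post in this thread, and not code from any site discussed): a sketch of the server-side flow the posts above describe, where the plaintext arrives at the server and only a per-user salt and hash are stored. The `users` table, the function names and the scrypt cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune per server).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

users = {}  # constructed stand-in for the site's user table


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def register(username: str, password: str) -> None:
    # The handler sees the plaintext here; only salt + hash are kept.
    salt = os.urandom(16)  # fresh random salt per account
    users[username] = (salt, _derive(password, salt))


def login(username: str, submitted: str) -> bool:
    record = users.get(username)
    if record is None:
        _derive(submitted, b"\x00" * 16)  # similar work for unknown users
        return False
    salt, stored = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(_derive(submitted, salt), stored)


def demo() -> dict:
    register("alice", "correct horse")  # constructed sample accounts
    register("bob", "correct horse")
    alice_salt, alice_hash = users["alice"]
    return {
        "good_login": login("alice", "correct horse"),
        "bad_login": login("alice", "wrong horse"),
        # A leaked hash replayed as the password is hashed again and fails.
        "replayed_hash": login("alice", alice_hash.hex()),
        # Same password, different salts: the stored hashes differ.
        "same_hash": alice_hash == users["bob"][1],
        "plaintext_in_table": b"correct horse" in alice_salt + alice_hash,
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in this flow stops a site from also writing `password` to a log or a column inside `register`; storing only the salt and hash is the site's choice.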

I see.
well, if the website doesn't even use https the exit node operator could skim your login though?

yes, anyone along the path of http traffic can see everything

yes in this context, tor is stupid anyway, it's just supposed to protect your anonymity, and then you login over it in your google mail account?
it's no additional layer of connection security

yep, logging into regular accounts over tor is like walking into a place with a balaclava on, only to tell the nearest person your full name and address

pictures, thousand words and all that

If a website stores password then they have very, very shit security. Yes, the website needs to see what you sent them but what they should have in the database is a hash and salt of your password

A company should only have its users' pwd hashes and salts stored permanently. But they still have to store passwords in non-persistent memory to salt and hash them. That's why heartbleed was so dangerous, it allowed attackers to get operating memory of the machine that could have had password stored there temporarily. Oh, and TOR won't change jack shit about all of what I just said

All in all, educate yourself, seems like you reached mount stupid

>If a website stores password...
i'm also

How the fuck is Tor going to stop websites from storing your passwords in plaintext?

people who have no idea how any of this works might see tor as a privacy "silver bullet", which magically solves all problems

don't be too hard on OP, it may be a dumb question, but at least he asked instead of going with assumptions, which is even worse