Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
xalys19374y@sabbonaut he's asking how Instagram knows the passwords in their database.
resdac9044yThey probably compare them by hashing with their own encryption system.
Voxera110604yEven if the other site uses another hashing solution often the hashing solution is not that secret, any good hashing does not need to be kept secret.
They can then, when you login use that solution to generate a hash to be matched against those hashes.
And sometimes that other site used so bad hashing that the dump is the real password in which case they can use it and hash it just as they do when you login.
Root826264yThere are several ways of checking that don't implicate them for storing cleartext passwords; however, their wording absolutely does.
yangshun2244yCorrect me if I'm wrong, but your password when sent to the server for verification is still in plain text. Can't they compare it with the dump then? That doesn't mean your password is stored in plain text.
bemdXg14yMaybe only a check if the username has been used before on leaked sites?
I'm with @Root on this one only keep in mind that Instagram is owned by Facebook.
Facebook is integrated within the biggest mass surviellance program ever created so I doubt that they hash passwords or if they do that, don't make them available for either the nsa or law enforcement agencies at request.