> You never submit your password, you submit that hash and they compare it.
That's not true. If that were the case, the hash is now the password and the server stores it in clear text. It defeats the entire purpose of hashing passwords.
Side note: that is (almost) how NTLM authentication works and why pass-the-hash is a thing in Windows networks.
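
The point made in the comment above, as an added example that is not part of the original comment: a server that compares a client-submitted hash against its stored copy accepts the stored value itself as a login credential, while a server that hashes what it receives does not. All class and function names are hypothetical, and SHA-256 for the client-side hash and PBKDF2 for the server-side one are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def client_hash(password: str) -> bytes:
    """What the quoted scheme has the client send instead of the password."""
    return hashlib.sha256(password.encode()).digest()

class CompareSubmittedHash:
    """Quoted scheme: the server stores the client's hash and compares it as-is."""
    def __init__(self):
        self.db = {}
    def register(self, user: str, password: str) -> None:
        self.db[user] = client_hash(password)
    def login(self, user: str, submitted: bytes) -> bool:
        return hmac.compare_digest(self.db[user], submitted)

class HashOnServer:
    """The server runs a salted KDF over whatever it receives, then compares."""
    def __init__(self):
        self.db = {}
    def _kdf(self, secret: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)
    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.db[user] = (salt, self._kdf(password.encode(), salt))
    def login(self, user: str, submitted: bytes) -> bool:
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._kdf(submitted, salt))

def leaked_record_logs_in() -> dict:
    """Check whether the value held in the user table works as a credential."""
    password = "constructed-sample-password"  # constructed sample value
    a, b = CompareSubmittedHash(), HashOnServer()
    a.register("alice", password)
    b.register("alice", password)
    return {
        # Stored value submitted unchanged: equals the stored value, so accepted.
        "compare_submitted_hash": a.login("alice", a.db["alice"]),
        # Stored value is hashed again before comparison, so it does not match.
        "hash_on_server": b.login("alice", b.db["alice"][1]),
        "legit_a": a.login("alice", client_hash(password)),
        "legit_b": b.login("alice", password.encode()),
    }

if __name__ == "__main__":
    print(leaked_record_logs_in())
```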