Can't it be achieved by this simple steps?
Consider ur password is y.
a) f(y, i) = a func that gets i'th character of a pass. y;
b) hash(x) is ur hashing func;
c) x0 = hash(y);
d) concat(a, b) - concatination func;
1. x1 = hash(concat(f(y,1), x0));
2. x2 = hash(concat(f(y,2)+x0));
.
.
etc
Store in DB
id position hash user_id
1 0 x0 1
2 1 x1 1
3 2 x2 1
I do not agree that they store a password in plain text. You cannot say for sure. What if they hash each character and store each with its position in the db?
I think you should try web app disabling the internet on your phone. Have you tried it? If watsup store the messages on its servers, it would be able to retrieve. But this is also not reliable since they may check phone connectivity before they retrieve from their "servers". I am still skeptical that they may store on servers behind the scene at least for speed and performance.
The question arises. How Letsencrypt handle reissued certificates under one domain? Guess if I reissue million times for a specific domain, does this override the previous certificates on their database or does it create valid certificates each time I reissue? Thanks for the script.