Post
Topic
Board Beginners & Help
Re: [Data Breach] Check if your passwords have been compromised
by
PrimeNumber7
on 16/10/2019, 04:06:46 UTC

This is a major security risk too. You could alternatively download exposed passwords (which haveibeenpwned does not distribute, but they are usually from public leaks) and check it offline, because you are still entering a password into a different site other than the ones it's used for, which is a security breach in itself unless you trust a third party with storing your password to check if it's been "pwned".

What are you talking about? How is using haveibeenpwned a security risk? You obviously don't enter your password on haveibeenpwned, only your email is required. Or did I misunderstand what you're trying to say here?
He was probably talking about this:
https://haveibeenpwned.com/Passwords

This is a separate feature from their email watching service. It also notifies people if their password was leaked, but you only send them a small part (called a suffix) at the start of the hash of your password, and they return all the hashes from their database that also start with the same suffix, and then the code on the client's side checks whether any of the hashes match the original hash.
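
The exchange described in the post above, as an added example that is not part of the original post or of haveibeenpwned's own code: the client sends only the first five hex characters of the password's SHA-1 digest (what the Pwned Passwords range API takes) and compares the returned remainders locally. The `fake_range_server` function, the leaked-password list and all counts are constructed so the example runs offline; a real client would fetch `https://api.pwnedpasswords.com/range/<prefix>` instead.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest sent to the service

def split_hash(password):
    """Return (part sent to the server, part kept on the client)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def parse_range_response(body):
    """Parse 'REMAINDER:COUNT' lines into {remainder: count}, skipping junk."""
    found = {}
    for line in body.splitlines():
        remainder, _, count = line.strip().partition(":")
        if remainder and count.isdigit():
            found[remainder.upper()] = int(count)
    return found

def pwned_count(password, fetch_range):
    """Breach count for password; only the short hash prefix is handed to fetch_range."""
    sent, kept = split_hash(password)
    # The match against the full hash happens here, on the client.
    return parse_range_response(fetch_range(sent)).get(kept, 0)

# --- Constructed stand-in for the service, so the example runs offline ---
LEAKED = {"password": 1000, "123456": 2000, "qwerty": 300}  # constructed counts
SEEN_BY_SERVER = []  # everything the "server" ever receives

def fake_range_server(prefix):
    SEEN_BY_SERVER.append(prefix)
    lines = []
    for pw, count in LEAKED.items():
        sent, kept = split_hash(pw)
        if sent == prefix:
            lines.append(f"{kept}:{count}")
    # Constructed decoys standing in for other leaked hashes with this prefix.
    for i in range(3):
        decoy = hashlib.sha1(f"decoy-{prefix}-{i}".encode()).hexdigest().upper()
        lines.append(f"{decoy[PREFIX_LEN:]}:{i + 1}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("password", "a long passphrase nobody leaked"):
        print(candidate, "->", pwned_count(candidate, fake_range_server))
    print("server saw only:", SEEN_BY_SERVER)
```

The server-side log (`SEEN_BY_SERVER`) holds only five-character prefixes, each of which is shared by many unrelated passwords, so the service cannot tell which password was checked.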