- cross-posted to:
- programmer_humor@programming.dev
- cross-posted to:
- programmer_humor@programming.dev
You must log in or # to comment.
Firstly… no.
Secondly… cut and paste? Not copy?
For one brief, terrifying moment, the source code of my life’s work existed only in Groks memory.
Mr. Anderson.
This just in: Elon is a fraud and has no idea what he’s doing. More at 10.
this is basically
“see if your credit card has been hacked by entering it below!“
I get the same vibes from https://haveibeenpwned.com/Passwords
I know the site is made by a security researcher but still. It doesn’t feel completely safe to give then my passwords.
Except you’re not
https://haveibeenpwned.com/API/v3#PwnedPasswords
Your computer is basically sending a part of your password (the first five characters of a hash) and if the server responds positively to a match it sends all the other possible combinations and your computer looks to see if it matches the rest based on when you typed.
For more information
https://en.wikipedia.org/wiki/K-anonymity
It’s always good to be cautious, but it’s especially important to know how tech works, especially good tech, when it can have immense benefit
That is the correct way of thinking, never trust anything with your passwords.
I was curious on what haveibeenpwned does, so I took a look at what the network tab in dev tools said what was actually sent. When I type a password (say password123) and press check it runs a function that hashes with the “SHA-1” hash function and then sends the first 5 characters of the result. The response is over a thousand lines in the format of
35 hash characters:number of breachesIf any of these hashes are the start of your original hash, you now know it’s exposed and how many times it’s been exposed.
Ah yes, “fix” it for “free”
yeah let me just give all of my code to elon for free
Hey man how is poor Elon going to make money if people don’t give him free shit? Just think of the billionaires.
