Follow

If you use KeePass this might come handy: checks for known pwned passwords in your .kdbx github.com/fopina/kdbxpassword

@x0rz I wonder what would happen if someone get web server's logs from haveibeenpwnd.com .They are at least 4 providers involved on this web: Google(Analytics), Raygun, Cloudflare, Microsoft (Azure). So if you check pswd there, you should always change it afterwards, no matter of results

Excellent point @nedelne_rano. I even looked at the code to see if someone developed it for real.

Then I've noticed, even if my Python knowledge is subzero, that they are checking the first 5 characters of the hash not the password itself, so at the end is not too bad.

BTW I think @x0rz is just a bot feeding twitter.com/x0rz tweets.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!