this post was submitted on 06 Feb 2024
625 points (98.8% liked)
Technology
58303 readers
11 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
They are talking about the password lookup: https://haveibeenpwned.com/Passwords
But, it's the same deal. You have to trust they are actually doing what they say. Mozilla uses haveibeenpwned for their basic Monitor service too.
To be fair, you can check the code they run or just use the API.
The hash is calculated locally, cut-off and then send, the server returns all hashes it found which start with your one and then you can check if yours in in the list locally.
ah yes. type your password in here we totally wont steal it
Y'know that you can see the requests your browser makes, right? Mind putting in here a screenshot of HIBP uploading your password or any complete hash of it?
Failing to provide that grants you the "talking shit out of ya ass" award.