Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Honest question, how does somebody know whether a dumped hashed/"encrypted" password has actually been broken and exists in plaintext?

Some time ago I reset almost all my passwords to 1passwd $RAND, but some of these dumps are ooooold. Is there a legit way to find what's available for my email?



There are some efforts, like https://haveibeenpwned.com/. However, personally? I always feel naked dishing out my email(s) in a <form>... Irregardless of HTTPS or HTTP.


There are several services (including one run by me).

https://canar.io (mine)

https://haveibeenpwned.com/

Mine lets you free-form search whereas HaveIBeenPwned is there for searching just e-mail addresses.


Yours is fun, in that it's more free-form, but HIBP seems to cover more ground.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: