Hacker MemesAug 27, 2025
TIL: https://isanybodyusingthisprivatekey.com
Show threadbazkie πŸ‘©πŸΌβ€πŸ’» bitplanes 🎡Aug 27, 2025
@i0null well I tried all of my most important keys, and luckily they are all safe! I'm a security expert!! 😏 
Show threadbazkie πŸ‘©πŸΌβ€πŸ’» bitplanes 🎡Aug 27, 2025
@i0null on a serious note, this is why I don't like it when sites, without my permission, check my password against "haveibeenpwnd" - even if they probably (I hope?!) use the hashed variant.. who says I trust that site?? wth
Show threadMatthias RißeAug 27, 2025

@bazkie if they do it properly then haveibeenpwned only sees like the first 5 characters of the password hash, or something. You don't have to trust haveibeenpwned.

I'd rather have checks against it than all this "must contain ..." nonsense. @i0null

Show threadbazkie πŸ‘©πŸΌβ€πŸ’» bitplanes 🎡

@matrss @i0null i'd rather have neither!!

but thanks for info, that somewhat calms my nerves :)

Aug 27, 2025 at 7:59pmWeb
Show threadMatthias RißeAug 27, 2025
@bazkie in case you are wondering how it works, this explains it pretty nicely: https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByRange. I just checked and in the blog post where this API was introduced (https://www.troyhunt.com/enhancing-pwned-passwords-privacy-by-exclusively-supporting-anonymity/) Troy Hunt mentions that the non-anonymity enforcing endpoints have been removed in 2018, so the services using it can't really do the wrong thing anymore. I can understand the hesitation and concern with it, but I am convinced it is a net positive overall. @i0null
Have I Been Pwned: API Documentation

Have I Been Pwned
Show threadbazkie πŸ‘©πŸΌβ€πŸ’» bitplanes 🎡Aug 27, 2025
@matrss @i0null thanks for the info! i'm happy to hear that.