  • That is the correct way of thinking, never trust anything with your passwords.

    I was curious about what haveibeenpwned does, so I took a look at what the network tab in dev tools said was actually sent. When I type a password (say password123) and press check, it runs a function that hashes it with the “SHA-1” hash function and then sends the first 5 characters of the result. The response is over a thousand lines in the format of `35 hash characters:number of breaches`.

    If any of these hashes are the start of your original hash, you now know it’s exposed and how many times it’s been exposed.
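
The exchange described in the comment above, as an added example that is not part of the original comment or haveibeenpwned's own code: the client sends only the 5-character SHA-1 prefix and compares the returned 35-character entries against the rest of its own hash locally. The function names, the fake server and its breach counts are constructed for illustration; the endpoint URL is the publicly documented Pwned Passwords range API and is not called here.

```python
import hashlib
import urllib.request

# Publicly documented Pwned Passwords range endpoint (not shown on the page).
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Return (5-char prefix that is sent, 35-char remainder kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'REMAINDER:COUNT' lines into a dict, skipping malformed lines."""
    rows = {}
    for line in body.splitlines():
        remainder, sep, count = line.strip().partition(":")
        if sep and len(remainder) == 35 and count.isdigit():
            rows[remainder.upper()] = int(count)
    return rows

def breach_count(password, fetch):
    """Look up a password; only the 5-char prefix is ever passed to fetch()."""
    prefix, remainder = split_hash(password)
    return parse_range_response(fetch(prefix)).get(remainder, 0)

def fetch_live(prefix):
    """Real network lookup; defined for reference, never called in this example."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")

def make_fake_server(breached):
    """Constructed offline stand-in: breached maps password -> breach count."""
    table = {}
    for password, count in breached.items():
        prefix, remainder = split_hash(password)
        table.setdefault(prefix, {})[remainder] = count
    seen = []  # every value the "server" receives, to show what it learns

    def fetch(prefix):
        seen.append(prefix)
        rows = dict(table.get(prefix, {}))
        rows["0" * 35] = 1  # constructed decoy that shares the prefix
        return "\r\n".join(f"{r}:{c}" for r, c in sorted(rows.items()))
    return fetch, seen

if __name__ == "__main__":
    fetch, seen = make_fake_server({"password123": 42})  # constructed counts
    print(breach_count("password123", fetch), seen)
```

Passing `fetch_live` instead of the fake `fetch` performs the same lookup against the real service.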