[p49k]

It sends the first 5 characters of the SHA-1 hash to the API, which seems reasonable. To be safe, you could check after rotating all your passwords, or I suppose you could download the raw data yourself to check directly.

And the API is controlled by Troy Hunt, not some rando.

[ChrisSD]

Troy Hunt and people who work at Cloudflare. But yeah it depends on your threat model. If it's just a random website password than it's probably fine to check. If you're trying to keep secrets from the state then maybe not.

[jstanley]

Regardless of your threat model, you can read the code and see how it works. It's short and easy to understand. It doesn't send anything more than the first 5 characters of the SHA1 hash.

[ChrisSD]

Sure but that leaks some information about your password. SHA-1 hashes are significantly quicker to compute than a password hash (and rainbow tables exist making it even faster). So the first five characters can be used to narrow the search space.

This is however not likely a real problem unless your threat model includes targeted attacks.