by DuskStar 2529 days ago
To clarify for the GP: HIBP sends the first handful of characters of the password hash to the server, not the password itself or even the full hash. The server then returns all of the hashes matching that prefix, and the remainder of the comparison is done client side.