|
|
|
|
|
|
by snailmailman
2527 days ago
|
|
|
The password isn’t necessarily in the list, and if it is it should be changed. The service just returns the list and you check locally. The server only gets the first few characters of the hash. Knowing the hash prefix of someone’s password doesn’t help you guess it. You can’t plan your guesses to have a matching prefix or anything. If your password is in the list, then the full hash is already out there and you should stop using it, because it’s probably been brute forced by someone or people are trying to guess it somewhere. |
|
|