by timothy-quinn
2188 days ago
Exactly - but the reactions I saw when he first released Pwned Passwords were "this is a malicious tool, don't give your password to anyone". Even if you're hitting the API from your own service, you need the entire password first to submit the partial hash to the API. We who understand what's going on know it's perfectly fine, but it's hard to get that message across. Just like the first time you try to explain what a hash is to a non-technical person.