|
|
|
|
|
|
by 1vuio0pswjnm7
934 days ago
|
|
|
Would it matter which hash function was used to create the password database. But there's more than just the issue of discovering the passowrd itself. What about the issue of discovering that a particular password hash comes from an employee at a certain company. As I understand it, Tory Hunt downloads dumps of stolen passwords. He does not share the dumps. Instead he collects queries, like a search engine. Until people start sending him queries of hashes to check he does not necessarily know the locations of the people whose passwords were stolen. However if he gets a series of hashes sent from some IP address belonging to a perticular corporation, then argubaly he now knows these are likely to be passwords belonging to employees at that corporation. |
|
|
https://www.troyhunt.com/understanding-have-i-been-pwneds-us...