Reply to post: Re: working from password dumps

UK National Crime Agency finds 225 million previously unexposed passwords

Snake Silver badge

Re: working from password dumps

That is not the source of my mistrust. What if HIBP ITSELF is compromised? You are handing out your passwords across the internet to be checked, to a system that itself can be hacked (because they all can be).

HIBP is therefore a high-profit honeypot to attackers, with users voluntarily entering their plaintext passwords to be verified. Crack open HIBP and you can gain access to passwords, during their owner's check procedure, previously *not* compromised.
