Reply to post: Re: What if HIBP ITSELF is compromised?

UK National Crime Agency finds 225 million previously unexposed passwords

Anonymous Coward

Re: What if HIBP ITSELF is compromised?

Couple of things here. Firstly SHA-1 has been known broken since at least 2005. Deriving the input is non-trivial but can be done without a full brute-force stack, so suggesting you can't determine the password from a SHA-1 is questionable.

If you really want to check securely you can download the entire HIBP set of hashes and search it locally without your hash leaving your machine. This is significantly safer.
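
The local lookup suggested in the comment above, as an added example that is not part of the original post. It assumes the downloaded hash set is a plain-text file sorted by hash, one uppercase `SHA1HEX:COUNT` entry per line; the function names and the sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> bytes:
    """Uppercase hex SHA-1, the form used in the assumed dump format."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")

def _first_line_from(f, offset: int) -> bytes:
    """Return the first complete line that starts at or after `offset`."""
    if offset > 0:
        f.seek(offset - 1)
        f.readline()          # skip ahead to the next line boundary
    else:
        f.seek(0)
    return f.readline()

def breach_count(path: str, password: str) -> int:
    """Binary-search the hash-sorted file on disk; 0 means not listed."""
    target = sha1_hex(password)
    with open(path, "rb") as f:
        lo, hi = 0, os.fstat(f.fileno()).st_size
        while lo < hi:
            mid = (lo + hi) // 2
            line = _first_line_from(f, mid)
            if not line or line[:40] >= target:
                hi = mid      # first candidate is at or before mid
            else:
                lo = mid + 1  # everything up to this line sorts below target
        line = _first_line_from(f, lo)
    if line[:40] != target:
        return 0
    return int(line.split(b":", 1)[1].strip())

def write_sample_dump(path: str, entries: dict) -> None:
    """Write a constructed dump: sorted 'HASH:COUNT' lines with CRLF endings."""
    rows = sorted((sha1_hex(pw), n) for pw, n in entries.items())
    with open(path, "wb") as f:
        for digest, n in rows:
            f.write(digest + b":" + str(n).encode("ascii") + b"\r\n")

if __name__ == "__main__":
    sample = {"password": 9, "letmein": 4, "hunter2": 2, "qwerty": 7}  # constructed counts
    with tempfile.TemporaryDirectory() as d:
        dump = os.path.join(d, "sample-hashes.txt")
        write_sample_dump(dump, sample)
        print(breach_count(dump, "hunter2"), breach_count(dump, "correct horse"))
```

The password is hashed and compared entirely on the local machine, and the search touches only a few dozen lines of a multi-gigabyte file instead of reading it end to end.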
