3. I built Pass | Guess, the Ultimate password vulnerability demo

I built Pass | Guess, the Ultimate password vulnerability demo

Every time a password is entered if it IS on the list, it's not considered secure, so by default, if the password you try is NOT on the list, it was considered "secure "

I understood that is what you intended, but the result is that you are saying "test_123" was considered secure. If you want to develop it into a serious service, I would advise against telling someone if a password is secure or not. Simply say something like "The password was/wasn't found in our database" or whatever.

The link I clicked was on Reddit. I'm talking about a disclaimer on the site. Hiding the disclaimer in "About" is, to me, shady practice. Not accusing you of doing it maliciously, but it certainly feels shady when the most important disclaimer - this site harvests the input - is hidden from the input field. If anything it should be reversed: you see the disclaimer, and click a button to reach the input.

Not trying to be short with you, or belittle your project, but anything related to password security needs approached with the utmost scrutiny. I highly suggest you read about how Troy Hunt deals with this exact problem (user entering a password and checking against a db of known-breached passwords) with k-anonymity.

You can find the link here.

/r/hacking Thread Parent
Previous
Next

Recently removed from /r/hacking

What is this on my cellphone? When I searched for it, it came up as a remote monitoring hacking interface, and I suspect that my work may be monitoring my cellphone. I think now, I actually have proof: Can the origin of this be detected? I am referring to the "com.drogecomputing.pro" Can someone answer the following? Is possible that I can get hacked this way? What does the padlock mean on the top left of my address bar? Is that the same as buying a proxy VPN? Bypassing BIOS passwords Find someone from California. A friend says he's been hacked How could one find out more about a phone number? Are there any specific examples of a hacker being forced/compelled by their government to attack another country or business? Certified Ethical Hacking for Pentesting Apple offers $1.5 million reward for anyone who can hack their new iPhone I just found out a website is storing my password in plaintext, what should I do? The NSA says it's time to drop its massive phone-surveillance program NSA Releases GHIDRA 9.0 — Free, Powerful Reverse Engineering Tool – PentestTools How are criminal records viewed in the infosec community?

More Random Comments

Stupidest girl alive update: All of you had me afraid of Blighttown for nothing Pls halp - work notifications for working hours only Those of you who think we should go into another lock down for COVID, why are you afraid of a virus with a 99% survival rate? Almost got in a fight for approaching a girl.. I think God hates me Girlfriend (19F) devastated by my (19M) masturbation habits How did Naruto became the most popular Anime Fanfiction on Fanfiction.Net? Cookies! ... Holup, wha?? [Image] - This resonates, you are not alone Wooman Tired of the poor explanations about vaccines and how they work. Golden Guardians vs. Immortals / LCS 2021 Summer - Week 9 / Post-Match Discussion Weekly Quick Questions and Advice Thread - August 02, 2021 Reisų iš Irako į Baltarusiją daugėja – bus skrydžiai iš dar trijų miestų "Ask a DA": APs looking for advice post here please!