User talk:Johnuniq/Security
Latest comment: 5 years ago by Johnuniq in topic Comments / possible improvements
Comments / possible improvements
editSUGGESTION #1
Rather than
- Add the first five characters to https://api.pwnedpasswords.com/range/ and paste the resulting URL in your browser
I suggest
- Paste https://api.pwnedpasswords.com/range/XXXXX in your browser, replacing "XXXX" with the first five characters of your SHA-1 hash.
I also suggest adding a link to https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
Reason:
- https://api.pwnedpasswords.com/range/ without the additional five characters returns a 404 error (but no 404 page!)
- https://api.pwnedpasswords.com/range/XXXXX (or .../xxxxx) returns "The hash prefix was not in a valid format"
(It only accepts five case-insensitive hexadecimal characters). --Guy Macon (talk) 16:24, 1 December 2018 (UTC)
SUGGESTION #2
Somehow saying that the password Jimbo42 has been hacked 7 times doesn't sit right with me. It could be read as implying that Jimbo used that password and was hacked, and not every reader knows who "Jimbo" is. Here are some candidate replacements:
- password SHA-1 hash = 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 3,533,661 results.
- swordfish SHA-1 hash = 4f57181dcaade980555f2ce6755ca425f00658be 81,528 results.
- wikipedia SHA-1 hash = f6c70c9350ca86f160929564930546a043301e2b 1,781 results.
- zzyzx SHA-1 hash = ee2c5647cb058f803d526b06ebbc1388ab3f7ab8 404 results.
- swaziland7 SHA-1 hash = 366296174541552f823e1f565497f7efad08d101 12 results.
--Guy Macon (talk) 16:24, 1 December 2018 (UTC)
- That's good, thanks, and I'll look at this soon. Re "Jimbo42" I wanted to show that common tricks such as using a name associated with a website (although I grant that "Jimbo" is known only to those of us who follow the inside stuff) with "42" from the Hitchhiker's Guide gives a password that looks good but which has been hacked 7 times. Johnuniq (talk) 23:34, 1 December 2018 (UTC)
- @Guy Macon: I edited the page to include the suggestions above. Re "suggest adding a link", a link very close to that is already in "documented at HIBP". Johnuniq (talk) 00:50, 2 December 2018 (UTC)