This isn't sufficient for all cases. For example a breach could contained a hash... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		charcircuit 4 months ago \| parent \| context \| favorite \| on: That 16B password story (a.k.a. "data troll") This isn't sufficient for all cases. For example a breach could contained a hashed passwords. If you only have the obfuscated passwords of previous breaches you can't hash it yourself to know that the new breach is just a rehash of an existing one. Data breaches can also contain other things than just passwords. Things like phone numbers, addresses, etc that would also be useful for checking.

anon7000 4 months ago [–]

Publishing someone’s leaked credentials in plaintext for anyone to look at also isn’t ideal. I mean, yes, it’s been leaked, but we also don’t need to make it easier for someone to get hacked.

charcircuit 4 months ago | [–]

Pretending it's private is also problematic. People get a false impression of what is public and what isn't.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact