
That won't work since all possible 5 character prefixes return data.


They don't all return the same amount though. According to my Chrome here and now:

> https://api.pwnedpasswords.com/range/aaaaa = 28.8KB

> https://api.pwnedpasswords.com/range/01234 = 28.5KB

> https://api.pwnedpasswords.com/range/af0fa = 23.2KB


Isn't Chrome seeing the decrypted and decompressed response in DevTools? I'd be more interested in what you see in Wireshark.


Sadly not available on my current machine :(

The experiment is left as an exercise to the reader :)
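An offline sketch of the question raised above, added here as an example and not posted by anyone in the thread: do two range responses with different decoded sizes still differ in length once compressed, and does rounding that length up to a fixed bucket remove the difference? The response bodies are constructed stand-ins in the API's `SUFFIX:COUNT` line format, and the line counts, seeds and 32 KiB bucket are assumptions chosen for illustration.

```python
import gzip
import random

BUCKET = 32 * 1024  # assumed padding bucket size, illustrative only


def fake_range_body(n_lines, seed):
    """Constructed stand-in for a range response: one 'SUFFIX:COUNT' per line."""
    rng = random.Random(seed)
    lines = []
    for _ in range(n_lines):
        suffix = "".join(rng.choice("0123456789ABCDEF") for _ in range(35))
        lines.append(f"{suffix}:{rng.randint(1, 5000)}")
    return "\r\n".join(lines).encode()


def wire_len(body):
    """Length after gzip; an encrypted record's length tracks this closely."""
    return len(gzip.compress(body))


def padded_wire_len(body, bucket=BUCKET):
    """Compressed length rounded up to the next bucket boundary."""
    n = wire_len(body)
    return -(-n // bucket) * bucket  # ceiling division


def compare(bodies):
    """Map each name to (decoded bytes, compressed bytes, padded bytes)."""
    return {
        name: (len(b), wire_len(b), padded_wire_len(b))
        for name, b in bodies.items()
    }


# Constructed samples: two prefixes whose result sets differ in size.
SAMPLES = {
    "prefix_A": fake_range_body(800, seed=1),
    "prefix_B": fake_range_body(640, seed=2),
}

if __name__ == "__main__":
    for name, (decoded, wire, padded) in compare(SAMPLES).items():
        print(f"{name}: decoded={decoded} compressed={wire} padded={padded}")
```

Hex suffixes compress by roughly half, so the gap between the two bodies shrinks but does not vanish; only the padded column is identical for both.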



