19 comments

[ 4.7 ms ] story [ 49.1 ms ] thread
A "dumbass" counter on this site would be interesting.
Thank goodness, now I know my private keys have not been leaked ...
"256 bits AES Encryption" should really have a "Military Grade" stamp on it. Perhaps with a metal background and some rivets or whatever for emphasis.
Do not give out your private keys anywhere except where they're needed. They are meant to be private for a reason.

If this service was serious, it'd instead rely on fingerprints (sha256/sha512) and not the key itself.

> Guys this is just a meme website. Please do not submit your real private key and do not report phishing.

Exactly what a phishing website would say.

Cloudflare's 1.1.1.1 for families blocks this is phishing. No sense of humor I guess?
Nicely done! It worked flawlessly for me the first time. Does this support bulk upload?
Instead of HaveIbeenPwned.com, maybe the name of this site should be HaveIbeenKeyed.com
> Is anybody using this private key?

They are now!

If this is just a meme website, just... take it back down? People are dumb, they are going to fill in real keys, and you knew this before you clicked "deploy".
My private key came from Debian, they patched the issues reported by Valgrind and now OpenSSL is more secure than ever.
Wait why did it say the key was unused when I submitted the first time, but now it shows the key is already taken?
I'm confused by this one. It says it's a joke but it still submits the key to a server.

These joke pages have been around since http://ismycreditcardstolen.com/

And I even made my own version https://hasmypasswordbeenstolen.net/

The difference is that neither the original nor mine actually submits the secret to the server. I went to great lengths to avoid actually doing it, it's still a bad idea to send a password to my page but at least you can check the source and network traffic and see that it's only checked with JavaScript and a hash is checked against the HIPB password site.

This supposed joke site sends and processes the key on their backend. At least it looks like that, I have not tried with a real key.

Generate and send it every possible key
Hey, that's not the wallet inspector...
The word you're looking for is "joke" not "meme", but that isn't hip enough, right?