If this is just a meme website, just... take it back down? People are dumb, they are going to fill in real keys, and you knew this before you clicked "deploy".
The difference is that neither the original nor mine actually submits the secret to the server. I went to great lengths to avoid actually doing it, it's still a bad idea to send a password to my page but at least you can check the source and network traffic and see that it's only checked with JavaScript and a hash is checked against the HIPB password site.
This supposed joke site sends and processes the key on their backend. At least it looks like that, I have not tried with a real key.
19 comments
[ 4.7 ms ] story [ 49.1 ms ] threadIf this service was serious, it'd instead rely on fingerprints (sha256/sha512) and not the key itself.
Exactly what a phishing website would say.
They are now!
These joke pages have been around since http://ismycreditcardstolen.com/
And I even made my own version https://hasmypasswordbeenstolen.net/
The difference is that neither the original nor mine actually submits the secret to the server. I went to great lengths to avoid actually doing it, it's still a bad idea to send a password to my page but at least you can check the source and network traffic and see that it's only checked with JavaScript and a hash is checked against the HIPB password site.
This supposed joke site sends and processes the key on their backend. At least it looks like that, I have not tried with a real key.