And once again about 320 million passwords
Troy Hunt promises that he will not use your password in any way and his service is absolutely reliable.AlexanderS : News in a year: “The base with 500 million unique passwords was published”
Jokes jokes, but what if you really check the password without passing it? You can perform a binary search using JS with server requests based on the record number.
320 million passwords fit into 29 requests, and if there is no password in the database, the server will not receive its hash in any way - all work is done on the client side. But 29 requests take me about three seconds. Therefore, you can immediately transfer to the page 2048 hashes that cover the first 11 steps of the search, and each subsequent request will give another 64 hashes, thereby covering six steps at once. Then to verify the password you will need only three requests.
They look like this
hellsy.org/cgi/checkpass/search.pl?min=211470660&max=211627073
211473103: A94AA2B242B99F898954562028877A26CD04B2BF
211475547: A94B215C1CB415676D51B2D0EDEA46E17A2BF821
211477991: A94B9F7CE46B09CDECC862C1A8871EF3E989231B
211480435: A94C1B4CD21506F6805F0C3FD6323EA450BA4E29
211482879: A94C99DA6ED12BED9674DB57439DBC256176E8DB
211485323: A94D18FCBBCADF1345140EE1423D39B68D42AC67
211487767: A94D95D2449CB0F3DF82791F706B6D72C25B2745
211490211: A94E126446683238593C74FC01AE2C6A4BE80870
211492655: A94E8F164603F08F3B23365E3DA9189F48DCFE2C
211495099: A94F0DA57438366C889904D82C2C3313BF78C5DB
211497543: A94F8CE2BE63C884BC1FE3B8895A0D3691982F31
211499987: A9500DBF85B038716D6F04E7245610DAA503CE57
211502431: A95089A9D0ED87B299F41381476A34C3905B05D6
211504875: A95109DD7B77510E89E7B6811A8FF6278A9A4926
211507319: A95182D040FD1EFE2355E7F7F1B3DD336EF876B7
211509763: A95205B11E24E1ACD82AA6BDCD3C59B428536C04
211512206: A952858A152347F0E875262BD8A80AC49A0C6E9F
211514650: A9530426BF86411B967CE50CEA5DC6C8CC045F0D
211517094: A9538572505D8EFD8226DF02E9930EC88C1DF55D
211519538: A95403FBAE8062014089BC24781DD00C0BF269B6
211521982: A954828AE16483118C69844D0FD701D9C0E07630
211524426: A95501F39C3C03066F4024864434EBC2A19C6C19
211526870: A95580616439EBCA0BC1BB09B3DF762A51FC3C5F
211529314: A956026488D515632C7380022F531C26316D3E2E
211531758: A95682882B8A8936A4E74EEA97F03721334E8026
211534202: A956FF8F6183787BFF9E23E0E3FF0AF7EAC48A69
211536646: A9577EFE74FFB4A17C4DDBFB5D648A3682E89140
211539090: A957FC5B9F28664565C4FAA60A116B741E91F1A4
211541534: A9587C4E08BBC60071692746ED68EF6283FBDA7A
211543978: A958FF6D7FCD8286EA4FDBE81F4AA00B964FC77B
211546422: A9597EA6D3535C350A02720E2073D84852BE3579
211548866: A959F9BB40E94FB363DE7F5D601502D999245EE5
211551309: A95A78CCA2F4EB9A16AF08F64BB5C94B3863E418
211553753: A95AF7A0EA33A4F09F01C35471F0BAB376043869
211556197: A95B788BC54F9FA41F081CFB3761AE5E0F388962
211558641: A95BF8F3DE4924CE78E0DC47A3AFB46BD404E709
211561085: A95C778A94218909E60A0EC08299E17FA13D6D25
211563529: A95CF814AC0038430F2D52CAA89D1649C3DE4B12
211565973: A95D75CD13F0EDF3CA5ACB9ADC7AE54C5ED3CE0E
211568417: A95DF5AC7DC5101431B4B234789B1FEA053CA936
211570861: A95E74D1DA3310C3B52192275F8A22854C9C2BBE
211573305: A95EF326ADDF3A31CF00D5A023383CCB132865EF
211575749: A95F7129EB98080B865C0B3EC3080765A2937A27
211578193: A95FEC40B383B21A9675E4D8D77A293A9FFC11A4
211580637: A9606B5BF1805FBD2CC848D4AF17095BEE22AEC4
211583081: A960E99729A196D9E4B66168D7F90B27227048E2
211585525: A9616A2B79DE95670D78486C3BF210A270BFD7A6
211587969: A961E955E4A6E052339195F92780B381BE1263E0
211590413: A96269BA4E95BD9467104A059785378ECBA1E393
211592857: A962E97D9856837E37A6768AD4778D8C84463432
211595301: A96368F9438E84B5074D4AFDE65A9B354F0D02A2
211597745: A963E82D3C59BAE1F210714ED07C5870611A4C0E
211600189: A9646A19B72A2B42ED1BAE9ADF0AFCD3705121EE
211602633: A964EA13FD8D053DE302DCA5420BDDD8A9ED5DD0
211605077: A9656A421C32FD3C4AA6C5A482C81B6DECBDD1E4
211607521: A965E9460231730227A349A9CDD1B47D85D187FB
211609965: A9666B5DCCD77A3E1C93ECA34DCE8ECA6683BDBB
211612409: A966EB2009D62299460EFEED4334497D2CCD694A
211614853: A9676AA08384052F7AE3AE1EDA7CD2CA5086C46F
211617297: A967EB2E8E4B17F3ADD8145618CC091E6C513651
211619741: A9686A388C1937E034233225777C48CEDD4646BD
211622185: A968E7DD038722B2FC9B8CA35BC2F3EDBE216602
211624629: A96968DEEF479549E1FF0312F83DBFE66EE658FE
211473103: A94AA2B242B99F898954562028877A26CD04B2BF
211475547: A94B215C1CB415676D51B2D0EDEA46E17A2BF821
211477991: A94B9F7CE46B09CDECC862C1A8871EF3E989231B
211480435: A94C1B4CD21506F6805F0C3FD6323EA450BA4E29
211482879: A94C99DA6ED12BED9674DB57439DBC256176E8DB
211485323: A94D18FCBBCADF1345140EE1423D39B68D42AC67
211487767: A94D95D2449CB0F3DF82791F706B6D72C25B2745
211490211: A94E126446683238593C74FC01AE2C6A4BE80870
211492655: A94E8F164603F08F3B23365E3DA9189F48DCFE2C
211495099: A94F0DA57438366C889904D82C2C3313BF78C5DB
211497543: A94F8CE2BE63C884BC1FE3B8895A0D3691982F31
211499987: A9500DBF85B038716D6F04E7245610DAA503CE57
211502431: A95089A9D0ED87B299F41381476A34C3905B05D6
211504875: A95109DD7B77510E89E7B6811A8FF6278A9A4926
211507319: A95182D040FD1EFE2355E7F7F1B3DD336EF876B7
211509763: A95205B11E24E1ACD82AA6BDCD3C59B428536C04
211512206: A952858A152347F0E875262BD8A80AC49A0C6E9F
211514650: A9530426BF86411B967CE50CEA5DC6C8CC045F0D
211517094: A9538572505D8EFD8226DF02E9930EC88C1DF55D
211519538: A95403FBAE8062014089BC24781DD00C0BF269B6
211521982: A954828AE16483118C69844D0FD701D9C0E07630
211524426: A95501F39C3C03066F4024864434EBC2A19C6C19
211526870: A95580616439EBCA0BC1BB09B3DF762A51FC3C5F
211529314: A956026488D515632C7380022F531C26316D3E2E
211531758: A95682882B8A8936A4E74EEA97F03721334E8026
211534202: A956FF8F6183787BFF9E23E0E3FF0AF7EAC48A69
211536646: A9577EFE74FFB4A17C4DDBFB5D648A3682E89140
211539090: A957FC5B9F28664565C4FAA60A116B741E91F1A4
211541534: A9587C4E08BBC60071692746ED68EF6283FBDA7A
211543978: A958FF6D7FCD8286EA4FDBE81F4AA00B964FC77B
211546422: A9597EA6D3535C350A02720E2073D84852BE3579
211548866: A959F9BB40E94FB363DE7F5D601502D999245EE5
211551309: A95A78CCA2F4EB9A16AF08F64BB5C94B3863E418
211553753: A95AF7A0EA33A4F09F01C35471F0BAB376043869
211556197: A95B788BC54F9FA41F081CFB3761AE5E0F388962
211558641: A95BF8F3DE4924CE78E0DC47A3AFB46BD404E709
211561085: A95C778A94218909E60A0EC08299E17FA13D6D25
211563529: A95CF814AC0038430F2D52CAA89D1649C3DE4B12
211565973: A95D75CD13F0EDF3CA5ACB9ADC7AE54C5ED3CE0E
211568417: A95DF5AC7DC5101431B4B234789B1FEA053CA936
211570861: A95E74D1DA3310C3B52192275F8A22854C9C2BBE
211573305: A95EF326ADDF3A31CF00D5A023383CCB132865EF
211575749: A95F7129EB98080B865C0B3EC3080765A2937A27
211578193: A95FEC40B383B21A9675E4D8D77A293A9FFC11A4
211580637: A9606B5BF1805FBD2CC848D4AF17095BEE22AEC4
211583081: A960E99729A196D9E4B66168D7F90B27227048E2
211585525: A9616A2B79DE95670D78486C3BF210A270BFD7A6
211587969: A961E955E4A6E052339195F92780B381BE1263E0
211590413: A96269BA4E95BD9467104A059785378ECBA1E393
211592857: A962E97D9856837E37A6768AD4778D8C84463432
211595301: A96368F9438E84B5074D4AFDE65A9B354F0D02A2
211597745: A963E82D3C59BAE1F210714ED07C5870611A4C0E
211600189: A9646A19B72A2B42ED1BAE9ADF0AFCD3705121EE
211602633: A964EA13FD8D053DE302DCA5420BDDD8A9ED5DD0
211605077: A9656A421C32FD3C4AA6C5A482C81B6DECBDD1E4
211607521: A965E9460231730227A349A9CDD1B47D85D187FB
211609965: A9666B5DCCD77A3E1C93ECA34DCE8ECA6683BDBB
211612409: A966EB2009D62299460EFEED4334497D2CCD694A
211614853: A9676AA08384052F7AE3AE1EDA7CD2CA5086C46F
211617297: A967EB2E8E4B17F3ADD8145618CC091E6C513651
211619741: A9686A388C1937E034233225777C48CEDD4646BD
211622185: A968E7DD038722B2FC9B8CA35BC2F3EDBE216602
211624629: A96968DEEF479549E1FF0312F83DBFE66EE658FE
This is not very effective in terms of server performance, because 90% of the records given to them are not used, but even a cheap VPS can easily cope with this task.
')
For the frontend, I found the sha1 implementation on JS and took the Slate style .
Everything is implemented on one page as simply and primitively as possible, without using extraneous things and without putting JS into separate files, so that the interested paranoid could personally see that the script does exactly what is stated.
Password verification address: https://hellsy.org/checkpass/
Source: https://habr.com/ru/post/357418/
All Articles