Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What is that all about? The site makes a claim of making a search through 150mio records a big deal. Ok, it is not trivial, but any decent DB with proper indexes would have no trouble doing that. Am I missing something?

Also, they want me to enter my e/mail to check... <lost me here already>. Seriously?



It checks if your email is in the dump. What would you want, just a full list of everyone's emails in plaintext for the world to see?


A form to enter the sha1 of your email address so they can check against a list of addresses they've already sha1ed? And a form that takes the email for people that don't give a shit or don't know wtf a sha is.

Maybe just a .txt of the hashes too, but then no ones coming to your web service I guess.


That makes no sense - they have the plaintext of the email addresses they SHA1, so they can correlate it just fine when you enter it in, too.


But if they don't have your address, ie it wasn't leaked or they're full of shit and never had the list, when you enter the SHA1 you don't give them the address.


Given they're no longer secret, that would seem safer than typing my e-mail address into an untrusted site to see if it has been compromised.


While you should not take my word for it, I am friends with the owner of that site and it is perfectly safe to put your address into there. The author and I were sharing data.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: