Properly generated passwords are significantly rarer than other types though, because it's much harder to crack the hashes for them. So in the case of non-plaintext breaches, you'll see far fewer.
Cheers, Steve On Fri, 18 Jan 2019, 22:14 Tristan Miller, <[email protected]> wrote: > Greetings. > > On Thu, 17 Jan 2019 14:48:04 -0800, Pass Word > <[email protected]> wrote: > > Someone asked on irc today for an option to check passwords against > > the Have I Been Pwned website to see if they are already > > compromised. It is probably extremely rare for a password generated > > with pass to already be on there but whatever, it is still somewhat > > useful to check other passwords you might have stored in pass. > > I wouldn't say that finding a pass-generated password listed on Have I > Been Pwned is "extremely rare" -- the breaches recorded there > come from websites that stored passwords insecurely (such as in > plaintext). So no matter how secure a password you chose for such a > website, it will still be catalogued on HIBP. > > I do generate all my passwords randomly, and use a unique password on > each site. Still, it's important for me to know if any of these are > compromised so that I can change the password on the affected site. > Thanks to the other posters in this thread for sharing the tools they > use to mass-check the password store against HIBP in a secure way. > > Regards, > Tristan > > -- > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Tristan Miller > Free Software developer, ferret herder, logologist > https://logological.org/ > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > _______________________________________________ > Password-Store mailing list > [email protected] > https://lists.zx2c4.com/mailman/listinfo/password-store > -- Cheers, *Steve Gilberd* Erayd LTD *·* Consultant *Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237* *PO Box 10019, The Terrace, Wellington 6143, NZ*
_______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
