
Show HN: A dating app that matches people based on their password - kazet
https://wordsofheart.com/
======
dickfickling
This is a fascinating premise. I wonder what "02rcV@gwBiE14N2e" says about
me...

It should go without saying, but don't use your regular password for this
site. There's no way they're using a unique salt for every password in their
database, because otherwise it'd be impossible to match people based on the
password. Without a unique salt, they're much more vulnerable to a rainbow
table attack.

~~~
kazet
Yes, I am not using salt to decrease the time complexity of matching people.
And I do agree that using your regular password here is a terrible idea :-)

~~~
vtange
Wouldn't that effectively render the whole 'matching people based off the
passwords they hold dear' premise pointless then?

------
ilconsigliere
So if I match with someone we now both know each other's passwords?

~~~
JavaOffScript
This ensures you can never ever break up.

------
Jenkins2000
This would be a great addition to my other sites. One finds matches based on
your mothers maiden name, and the other finds matches based on your social
security number.

------
psychometry
This submitter has basically no history on this site. Smells like a honeypot
to me.

~~~
exolymph
You'd have to be a moron to use a password that already you use anywhere else.
Then again, people are generally morons. (Or, more charitably, they know very
little about technology and opsec. Granted, that doesn't seem to be the Hacker
News target audience.)

~~~
sandov
You'd have to be a moron to use your password AND give some other information
that can be traced back to you or your accounts by the creator, passwords by
themselves are practically useless.

~~~
jstanley
I think you'd have to be a moron to give your password even if you don't
knowingly give some information that can be traced back to you.

Even if nothing at all traces it back to you, it would be easy to add every
received password to a dictionary for later consultation.

But besides that, the data can be linked to you if you ever knowingly give any
identifying data to another website that the attacker here has control over
(or, at least, can observe). If he sets a cookie, or remembers your ip
address, or your browser fingerprint, there's every chance that he might later
be able to find out your real email address.

Do not give your real passwords to this site.

------
anfractuosity
Haha.

You could use something akin to the principle behind the Socialist
millionaires problem, to compare two values without revealing them to another
party.

------
whoisjuan
Does this mean that they don't hash your passwords? They save it in plain text
somewhere? ... Also, this is a terrible idea...

~~~
Miner49er
No, they can still hash it. Just not with unique salt, I believe.

------
Santosh83
I use entirely random, machine generated passwords. I assume my matches would
also be similarly random?

~~~
SmooL
Well, random only in the set of people who use machine generated password!

------
wink
I don't care if it's a honeypot, it's the best laugh I had today. Also, I'd be
so interested in a large-scale study if this single data point correlates with
anything.

------
lionheart
Soooooo... if people use their standard password on this you'll be able to
login as them as soon as you get any personally identifiable info - like email
or FB account, right?

------
zerostar07
this must be the first polyamory matchmaker. the '12345678' village and the
'password' megacity are waiting just around the corner

------
hood_syntax
In order to maximize my pool, should I choose 123... variants? Would I be
lowering my chances of success by reducing the median quality of members?

------
purplezooey
Y'all could just use a previous password.

------
amelius
Can I have an app based on 23andme data already?

~~~
jstanley
Are you trying to match against people who share your DNA? That doesn't sound
like a brilliant idea!

~~~
amelius
Ha, no I was more thinking along the lines of a ML approach based on
successful couples.

------
alasdair_
Seems like a really bad idea for a honeypot.

------
eptakilo
This website seems a little fishy.

~~~
dragonwriter
I think you misspelled “phishy”.

------
Exuma
camaro69... is that you???

