

Hashcheck: Find if your password has been dumped or cracked via Google - nikcub
http://ee.turunen.pro/hashcheck/

======
eeturunen
Dev here. The red results are because of Google's limitation for searches from
one IP. Now, I wrote the app again, but instead of scraping the Google
results, I used the official Google search API. This way there should not be
any limits whatsoever. It works like a charm, BUT the API excludes the biggest
hash databases from the results (of course...), so the results can be green
even though a cracked hash has been found.

------
eeturunen
Now I reversed the app back to where it was at first; fast and only searches
"hash+plainstring". Now the results include all the hash databases too. The
server IP gets banned from time to time, but the IP should be dynamic, so the
bans won't last forever.

I could use Yahoo, but it doesn't find nearly as many hashes as Google.

Also, no logs are kept.

------
dromidas
The awesome thing about an app like this is that when you have a lot of people
use it you can then use the logged password checks as dictionary attacks
against hashed passwords that you steal. Very clever social engineering
attack.

------
wurf
Wow, every password has been cracked, even the ones I just made up like
"ldkfjg832u23rsiu32842)(/&()". No password is safe anymore, so I can just
stick with my old "Password!".

~~~
nikcub
It is the colors that are confusing. Red means 'not found'. If you click on
the results it will bring up the Google result.

I've pinged the developer to invert the color scheme and to add a note about
clicking through to see the results.

------
ColinWright
Cool, it claims to find every hash for "478oytvbosertvobaWEC"

------
timhans1
At least, if you submit a form with your password to an unknown site, it is
potentially insecure.

