It seems very useful for research and also practical uses, like how about a REST API with this dump? get <password> will not only return true if it exists but how common and how weak it is, or will return a false for unique. Is there such a service out there?
This seems a bit like testing if your parachute was packed properly by deploying it. Once I've sent my password at a 3rd party API, it doesn't much matter what the API says: my password is no longer secure.
Correct, but every site where you signup does that and I do not think anyone cares. Maybe such API will not be for end users but for other apps to run signup forms against it and help users choose a better one. In any case, the whole password deal is broken. I now use my own offline pwd generator for the "important" sites but I guess I am not the average Internet user.
Hopefully none, and hopefully they are all following best practices to protect your password, but you trust them regardless. Besides, who said plain text, such service could use ssl.
With all due respect, I think this is a horrible idea. Isn't it just better to simply download the dump and filter the information with the command line? Why would someone even want to write a program that connects to an API to get info like this? You don't really need to know too much to be able to filter values like those, and it's way more flexible.
