
I believe they don't hash the password. They can't know the capitalised version of my password unchanged from nearly 17 years ago.


Of course they hash the password. Of course they don't know the capitalised version of your saved password, but they can know the capitalised version of the password you just entered.


But how did they know which punctuation characters to remove from the password?

You may try 2 versions of first letter, but do they go as far as bruteforce removing all the % character combinations from the password, unless they did remove them all?


...and if they remove the capital?
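The mechanism described in the second comment (derive case variants from the password just typed and hash each one against the stored salted hash), as an added example that is not part of the thread and not any site's actual code. The function names, the PBKDF2 parameters and the sample password are assumptions made for this illustration; only case variants are covered, not the punctuation question raised afterwards.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for the demo


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash; this is the only form the server keeps."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str):
    """Return (salt, hash) to store. The plaintext is discarded."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def candidates(entered: str):
    """Variants computed from the login attempt, not from stored data:
    as typed, Caps Lock inverted, and first-letter case flipped."""
    variants = []
    for v in (entered, entered.swapcase(), entered[:1].swapcase() + entered[1:]):
        if v not in variants:
            variants.append(v)
    return variants


def verify(entered: str, salt: bytes, stored: bytes) -> bool:
    """Accept the attempt if any variant hashes to the stored value."""
    ok = False
    for cand in candidates(entered):
        # Constant-time compare, and no early exit, so timing does not
        # reveal which variant (if any) matched.
        if hmac.compare_digest(hash_password(cand, salt), stored):
            ok = True
    return ok


if __name__ == "__main__":
    salt, stored = enroll("hunter2Pass%")          # constructed sample password
    print(verify("HUNTER2pASS%", salt, stored))    # Caps Lock was on
    print(verify("hunter2pass%", salt, stored))    # genuinely different case
```

The server never learns the case of the stored password; it only tests a fixed, small set of transformations of the submitted one, which costs one extra hash per variant and lets a guesser cover up to three passwords per attempt.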



