Is there a way to check lists of cracked passwords without revealing my password?

I want to check if my various passwords are in lists of cracked passwords, but I don’t want to type the passwords online. For example, I’d rather scroll through an ordered list of passwords that have been merged from all rainbo…

Are stronger passwords safe in case of a breach?

Passwords are not generally held by websites; instead, they hold hashes of your passwords.
When there’s a breach, these hashes are stolen and they are matched against rainbow tables of pre-generated password hashes.
Is it fair to say that if your password is a genuinely secure password, like xy%5-xthrs32£, that you are still safe? Far, far safer than someone with a password like Princess123 or my favourite, LetMeIn.

I know the answer is that in the event of a breach, you should always change your password; I’m just trying to understand the security aspect. So, when talking to someone with a genuinely random password – e.g. one generated by a good password manager – is it fair to say you are probably safe?


How many combinations of md5sums can be computed from a call to random() in PostgreSQL?

Problem space

I’m way out of my pay grade, I’m trying to figure out

How much randomness does a call to random() actually provide in PostgreSQL?

SELECT random();

Whether or not you can reasonably guess that much randomnes…