XposedOrNot: Exposed Password Repository
by zaogord - January 11, 2020 at 11:12 PM
#1
The XposedOrNot (XoN) tool searches an aggregated repository of Xposed passwords comprising ~850 million real-time passwords. The usage of such compromised passwords is detrimental to individual account security.



What are Xposed Passwords?

The main aim of this project is to give a free platform for the general public to check if their password is exposed and compromised.

This massive password collection is an accumulation of real passwords exposed in various data breaches around the world. Passwords are curated from exposed breaches like Collection #1, Yahoo, etc. Adding to that, passwords are also commonly exposed in "pastes" on pastebin.com. We have taken more than 40,000 such exposures and added those to this huge list as well.

The collated passwords are hashed with a highly secure hashing algorithm, SHA-3 (Keccak-512), and stored as a one-way hash for verification. No passwords are stored in plain text, and the process of checking anonymously is explained in detail in our blog post, "850 million passwords for free", which explains the technical and operational controls enforced for enhancing the security posture. Feel free to go through the same.


It just checks if a password has been breached before, which would make it easier to crack the hash, in case a password has been exposed before. It's just a tool for the paranoid peeps who want to stay extra secure. 


A detailed list of their credential sets can be seen here: https://xposedornot.com/xposed
#2
Why would we use this over haveibeenpwned?
#3
(January 12, 2020 at 09:47 PM)plastic Wrote: Why would we use this over haveibeenpwned?

I believe in this case it actually puts plaintext? Not sure tl;dr.
#4
Looks kinda decent but it won't have anywhere near the level of hibp
#5
(January 13, 2020 at 10:20 PM)Barrown Wrote: Looks kinda decent but it won't have anywhere near the level of hibp

True in a way, but I got my own thoughts.
1. Decent yes, but why SHA3??
2. Comparison with hibp shows that this collection is 50% bigger than hibp. It has also got a bit of acceptance now with people making use of the API.
https://github.com/Viralmaniar/XposedOrNot
#6
The Password page doesn't work. Is this only viewable thru api calls?
#7
(January 14, 2020 at 03:30 AM)dayz Wrote: The Password page doesn't work. Is this only viewable thru api calls?

Checked password page and it works now.

(January 13, 2020 at 07:40 PM)ANK1036Official Wrote:
(January 12, 2020 at 09:47 PM)plastic Wrote: Why would we use this over haveibeenpwned?

I believe in this case it actually puts plaintext? Not sure tl;dr.

From what I've seen, both are pretty similar. Plaintext passwords are converted into hashes using k-anonymity on both sites.
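
Added example, not part of the thread and not XposedOrNot's or haveibeenpwned's code: an offline sketch of the k-anonymity range check the posts above refer to, where only a short hash prefix leaves the client and the suffix comparison happens locally. Assumptions: Python's standardized SHA3-512 stands in for the "SHA-3 (Keccak-512)" hash, and the 5-character prefix, `RangeServer`, `is_exposed` and the sample corpus are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

PREFIX_LEN = 5  # assumption: number of hex characters revealed to the server
HEX = set("0123456789abcdef")


def digest(password: str) -> str:
    """Hex SHA3-512 digest (assumption: standardized SHA-3 padding)."""
    return hashlib.sha3_512(password.encode("utf-8")).hexdigest()


class RangeServer:
    """Hypothetical server side: keeps only hashes, bucketed by prefix."""

    def __init__(self, breached_passwords):
        self.buckets = {}
        for pw in breached_passwords:
            h = digest(pw)
            self.buckets.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])
        self.seen_queries = []  # everything the server ever learns from clients

    def range_query(self, prefix: str):
        # Reject anything that is not exactly a short lowercase hex prefix,
        # so a client cannot accidentally submit a full hash or a password.
        if len(prefix) != PREFIX_LEN or not set(prefix) <= HEX:
            raise ValueError("prefix must be PREFIX_LEN lowercase hex characters")
        self.seen_queries.append(prefix)
        return sorted(self.buckets.get(prefix, ()))


def is_exposed(password: str, server: RangeServer) -> bool:
    """Client side: send the prefix, compare the suffix locally."""
    h = digest(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    candidates = server.range_query(prefix)
    return any(hmac.compare_digest(suffix, c) for c in candidates)


# Constructed sample corpus standing in for the breached-password list.
SAMPLE_BREACHED = ["123456", "password", "qwerty", "letmein"]

if __name__ == "__main__":
    server = RangeServer(SAMPLE_BREACHED)
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", "exposed" if is_exposed(candidate, server) else "not found")
    print("server saw only:", server.seen_queries)
```

The server's view is limited to `seen_queries`: each entry matches every password whose hash shares that prefix, which is what keeps the lookup anonymous.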
