Is anybody using this private key?

[+] qualeed|8 months ago|reply

"256 bits AES Encryption" should really have a "Military Grade" stamp on it. Perhaps with a metal background and some rivets or whatever for emphasis.

[+] mdaniel|8 months ago|reply

I guess it's to be expected, but the IPv6 Ready is bogus, too

  ; <<>> DiG 9.10.6 <<>> AAAA isanybodyusingthisprivatekey.com.
  ;isanybodyusingthisprivatekey.com. IN AAAA

[+] gnyman|8 months ago|reply

I'm confused by this one. It says it's a joke but it still submits the key to a server.

These joke pages have been around since http://ismycreditcardstolen.com/

And I even made my own version https://hasmypasswordbeenstolen.net/

The difference is that neither the original nor mine actually submits the secret to the server. I went to great lengths to avoid actually doing it, it's still a bad idea to send a password to my page but at least you can check the source and network traffic and see that it's only checked with JavaScript and a hash is checked against the HIPB password site.

This supposed joke site sends and processes the key on their backend. At least it looks like that, I have not tried with a real key.

[+] Arcuru|8 months ago|reply

Yea..sending it to the server makes it look sketchy. Even for my joke site[1] I make sure everything stays client side.

[1]: https://faxyourballs.com

[+] ivanjermakov|8 months ago|reply

> Guys this is just a meme website. Please do not submit your real private key and do not report phishing.

Exactly what a phishing website would say.

[+] yieldcrv|8 months ago|reply

I would also provide an open source version that also was backdoored

[+] BenjiWiebe|8 months ago|reply

Cloudflare's 1.1.1.1 for families blocks this is phishing. No sense of humor I guess?

[+] StefanBatory|8 months ago|reply

On my home PC Avast blocks it too.

[+] DonHopkins|8 months ago|reply

Nicely done! It worked flawlessly for me the first time. Does this support bulk upload?

[+] ignoramous|8 months ago|reply

Do not give out your private keys anywhere except where they're needed. They are meant to be private for a reason.

If this service was serious, it'd instead rely on fingerprints (sha256/sha512) and not the key itself.

[+] mr_toad|8 months ago|reply

Is there any case where they ever need to be shared? If you need a login, generate a new one.

[+] goopypoop|8 months ago|reply

"Never unless necessary" is unhelpful for anything

[+] gblargg|8 months ago|reply

Scammer: your private key is needed.

Oh, OK.

[+] mightysashiman|8 months ago|reply

Wouldn't it being making the matter worse? You wouldn't know if it's a collision of the hash or of the keys themselves

[+] thasso|8 months ago|reply

Wait why did it say the key was unused when I submitted the first time, but now it shows the key is already taken?

[+] isoprophlex|8 months ago|reply

It could be a bad actor pretending to be a meme actor pretending to be a bad actor

[+] nativeit|8 months ago|reply

Presumably, they took it.

[+] smidgeon|8 months ago|reply

Thank goodness, now I know my private keys have not been leaked ...

[+] alberth|8 months ago|reply

Instead of HaveIbeenPwned.com, maybe the name of this site should be HaveIbeenKeyed.com

[+] ghusto|8 months ago|reply

The word you're looking for is "joke" not "meme", but that isn't hip enough, right?

[+] TheRealPomax|8 months ago|reply

If this is just a meme website, just... take it back down? People are dumb, they are going to fill in real keys, and you knew this before you clicked "deploy".