1 upvotes, 2 direct replies (showing 2)
View submission: How to keep your Reddit account safe
No, because not everyone (nor should they be) use the same salt/hash.
Comment by gdq0 at 06/05/2019 at 22:12 UTC
3 upvotes, 1 direct replies
But doesn't reddit know my salt? if they know my salt and they guess my password due to it being leaked on a 3rd party site, they can match a generated salted guessed password hash to the salted password hash I use to login.
In any case you can literally just write a script to log into reddit using leaked username/password combinations and test that way too.
Comment by SovietMacguyver at 07/05/2019 at 01:38 UTC
1 upvotes, 0 direct replies
That doesnt matter. Reddit simple compares their hash with the breach sets password hashed by the users Reddit salt. If they match, the passwords are the same, and the Reddit password is insecure.