1d ago

Natural selection in IT

isanybodyusingthisprivatekey.com

Is anybody using this private key

That's a meme page. Do NOT submit your real private keys!

Hacker News @lemmy.bestiver.se

RSS Bot @lemmy.bestiver.se

BOT

2mo ago

Is Anybody Using This Private Key

isanybodyusingthisprivatekey.com

35 comments

Page claims to be IPv6 ready...does not actually have an IPv6 address. This isn't a meme, this is a crime
That’s a meme page. Do NOT submit your real private keys!
Don't tell me what to do with my employers keys.
- That's ok. Just don't do it with your personal ones.
- if you have your employer's keys...
I went to a similar site, but instead of checking private keys it checked all my credit cards to make sure they weren't on the dark web.
/s
- Also, check if your PIN has been leaked as well! https://pastebin.com/Nn2ZcdfC
  
  Ah but you can use Cantor's diagonal proof to get a new one. For example if I take the first four and increase the nth digit on the nth row then I get 1114 which isn't in the set.
  
  I could have sworn I had a bank card for a while with a 6-digit pin... Am I crazy? Is that impossible? Or is the joke worn out?
- Do you have a link? I want to check mine
I just gave away my private key used to access my vps via ssh.
The website is secured with SSL ✓ and network traffic encrypted with TLSv1.3 ✓. Furthermore, the website uses IPv6 ✓ and my private key is encrypted with AES256 ✓✓✓. Nobody else can access it.
- And? What was the result? Is your key safe to use?
It says it IPv6 ready but doesn't even have any AAAA DNS records.
It does use TLS 1.3, but only AES 128 bits for me.
- Always great to see people who check security before putting their personal information in somewhere
- well, its ready, not that its implemented 😏
- Glad to see I'm not the only one checking for a AAAA. Looked like a cool and useful site /s but I only use sites with v6.
How do I upload from my company's yubikey?
Didn't pass captcha to submit my crypto wallet :(
- Have you tried disabling VPN?
  
  I'm a robot
To save anyone the trouble, here's a key I've generated just now:

-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACAqTGrNcWWZrKjDzAgG1KaCYAOOAoqSSQvvWVgUx7PdMgAAAJgzuRsTM7kb EwAAAAtzc2gtZWQyNTUxOQAAACAqTGrNcWWZrKjDzAgG1KaCYAOOAoqSSQvvWVgUx7PdMg AAAEC8jODzrMngnvJlMwtlhqwlI6qS42WlzSDADbEYaCsRzCpMas1xZZmsqMPMCAbUpoJg A44CipJJC+9ZWBTHs90yAAAAEXUwX2E0MzhAbG9jYWxob3N0AQIDBA== -----END OPENSSH PRIVATE KEY-----
(and if I did it wrong enough, well, you can hack me but please let me know how I fucked up)
Change any random character in there to see how the website reacts to a unique key. I changed an O to an o and it accepted it.
- Wait, that's my key. Ohhh QIDBA not QADBX.
- FWIW this is what I did:
  
  $ ssh-keygen -f fake_ssh_key
  (press Enter twice for no passphrase)
  and then:
  
  $ cat fake_ssh_key
  Which I then just copy-pasted from the terminal. Surely this can't reveal anything about my other private keys, right?
  
  Yes. It only reveals stuff about your defaults, which should be ed25519 globally now anyway.
  
  We know your unique machine ID now.
Hunter2
- All I see is *******
Blocked by defender
- Damn. Microsoft did something right?
The disclaimer ruins the joke
- Better safe than sorry
  
  No
- I'm pretty sure there was a version without it first.
  Still made me laugh 🤷
  
  Yes I do remember it used to not be there
Awesome :3

35 comments