How to explain "the k-anonymity model used by HaveIBeenPwned for pwned passwords doesn’t expose your passwords" to a layman?

Çağlar Arlı

People are naturally skeptical when they hear about the HaveIBeenPwned pwned passwords search, because who in their right mind would enter their password into a random website? And sure, HIBP uses k-anonymity to make sure they don't know your password, but if you're not familiar with how hashing algorithms work and how the k-anonymity model works, that just sounds like a bunch of technobabble from Doctor Who that you probably can't trust.

How can I best explain "the k-anonymity model as used by HIBP doesn't expose your passwords, so it is safe to enter your password on this site" to a layman?
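
To make the claim in the question concrete, here is an added example (not part of the original post and not HIBP's own code) of a k-anonymity range lookup: the client hashes the password with SHA-1 locally, sends only the first 5 hex characters, and matches the rest against the returned bucket itself. The server is simulated offline; `BREACHED`, `SERVER_SAW`, `range_query`, `pwned_count` and the decoy entries are constructed for illustration.

```python
import hashlib

def sha1_hex(text: str) -> str:
    """Uppercase hex SHA-1, computed on the client; the password never leaves."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for the breach corpus (password -> times seen).
BREACHED = {"password": 1000, "letmein": 500}
SERVER_SAW = []  # everything the simulated server ever receives

def range_query(prefix: str) -> str:
    """Simulated server: return every known suffix in this prefix's bucket."""
    SERVER_SAW.append(prefix)
    lines = [f"{sha1_hex(p)[5:]}:{n}" for p, n in BREACHED.items()
             if sha1_hex(p).startswith(prefix)]
    # Constructed decoys standing in for the other hashes sharing the prefix.
    lines += [f"{sha1_hex(f'decoy-{prefix}-{i}')[5:]}:{i + 1}" for i in range(3)]
    return "\r\n".join(sorted(lines))

def pwned_count(password: str, query=range_query) -> int:
    """Client: hash locally, send 5 hex chars, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0  # suffix not in the bucket: not known to be breached

if __name__ == "__main__":
    for pw in ("password", "a-long-unique-passphrase-7731"):
        print(pw, "->", pwned_count(pw), "| server saw:", SERVER_SAW[-1])
```

The server's view is the same for every password whose hash starts with those 5 characters, and it returns the same bucket whether or not the client's password is in it.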