View Issue Details

IDProjectCategoryView StatusLast Update
0003756Composrcore_cnspublic2018-12-31 16:19
ReporterChris GrahamAssigned To 
Severityfeature 
Status non-assignedResolutionopen 
Product Version 
Fixed in Version 
Summary0003756: Search HaveIBeenPwned database
DescriptionUse the HaveIBeenPwned API to check is a password has been breached.

https://haveibeenpwned.com/API/v2#PwnedPasswords

We just send the first 5 characters of the sha1 hash of the new password, and get all suffixes that are pwned. We then see if any of these exactly match the sha1 hash of the new password.
TagsType: Security
Attach Tags
Time estimation (hours)2
Sponsorship open

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-12-31 16:19 Chris Graham New Issue
2018-12-31 16:19 Chris Graham Tag Attached: Type: Security