#3756 - Search HaveIBeenPwned database
-
By Chris Graham
- Added
- 0 views
| Identifier | #3756 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Search HaveIBeenPwned database |
| Status | Open |
| Tags |
Type: Security (custom) |
| Handling member | Deleted |
| Addon | core_cns |
| Description | Use the HaveIBeenPwned API to check is a password has been breached.
https://haveibeenpwned.com/API/v2#PwnedPasswords We just send the first 5 characters of the sha1 hash of the new password, and get all suffixes that are pwned. We then see if any of these exactly match the sha1 hash of the new password. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet