Show HN: PwnedPasswords as a (Micro)Service

  • Not to detract from your efforts, but you can actually check your passwords with HIBP without sending the plaintext password. You can send the first 5 characters of the SHA-1 hash, and it will send back the rest of the hashes that match for you to compare against. See https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByR...
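
The range check the comment above describes, as an added example that is not part of the thread or of the Show HN project: hash locally, send only the 5-character SHA-1 prefix, and compare the remaining 35 characters against the returned `SUFFIX:COUNT` lines. The range URL `https://api.pwnedpasswords.com/range/<prefix>` is assumed from the HIBP documentation, and the sample response body is constructed here so the block runs offline.

```python
import hashlib
import urllib.request

# Constructed sample of a range response for the prefix "5BAA6": one
# "SUFFIX:COUNT" pair per line, each suffix being the remaining 35 hex
# characters of a SHA-1 hash. The counts and the other suffixes are made up.
SAMPLE_RANGE_RESPONSE = "\r\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",  # suffix of SHA-1("password")
    "1F4A6C1A3D6C7E0B0E1F2A3B4C5D6E7F8A9:0",
])

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # assumed HIBP range endpoint


def split_hash(password: str) -> tuple[str, str]:
    """Return the 5-char prefix that leaves the machine and the 35-char suffix that stays."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Fetch the range body for a prefix; only the prefix is ever sent."""
    if len(prefix) != 5 or not all(c in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "range-check-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; blank or malformed lines are skipped."""
    matches: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            matches[suffix.upper()] = int(count)
    return matches


def breach_count(password: str, range_body: str) -> int:
    """Compare the locally kept suffix against the returned set; 0 means not listed."""
    _, suffix = split_hash(password)
    return parse_range_response(range_body).get(suffix, 0)


if __name__ == "__main__":
    prefix, _ = split_hash("password")
    print(prefix, breach_count("password", fetch_range(prefix)))
```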

  • The entire premise of this ignores that you can use the API for HIBP to do local comparison of a password.

  • Nice, now we can download it to a computer, unplug it from the internet, test passwords, then burn the computer to be sure ;)