Re: HaveIBeenPwned database in Fedora somewhere?

Tuesday, 21 March 2023

On Tue, Mar 21, 2023 at 02:28:08PM +0100, Pavel Raiskup wrote:
...
 Hello all!

 Do we have HaveIBeenPwned database of hashes somewhere in Fedora, as a
 file or service (regularly updated)?  I'd prefer checking my passwords
 manually, without actually giving the passwords to the
 https://haveibeenpwned.com service.  Speaking of that, I really dislike
 that the service takes the real passwords on it's input. 
The query API only takes a partial hash of the password, not the
clear text password

https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByRange

  "In order to protect the value of the source password being
   searched for, Pwned Passwords also implements a k-Anonymity
   model that allows a password to be searched for by partial
   hash. This allows the first 5 characters of either a SHA-1
   or an NTLM hash (not case-sensitive) to be passed to the API "

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: HaveIBeenPwned database in Fedora somewhere?