On Tue, Mar 21, 2023 at 02:28:08PM +0100, Pavel Raiskup wrote:
> Hello all!
>
> Do we have HaveIBeenPwned database of hashes somewhere in Fedora, as a
> file or service (regularly updated)? I'd prefer checking my passwords
> manually, without actually giving the passwords to the
> https://haveibeenpwned.com service. Speaking of that, I really dislike
> that the service takes the real passwords on its input.
The query API only takes a partial hash of the password, not the
clear text password
https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByRange
"In order to protect the value of the source password being
searched for, Pwned Passwords also implements a k-Anonymity
model that allows a password to be searched for by partial
hash. This allows the first 5 characters of either a SHA-1
or an NTLM hash (not case-sensitive) to be passed to the API"
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
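
The range lookup quoted in the reply above, as an added example that is not part of the original message or of the HIBP project's code: the SHA-1 is computed locally, only its first 5 hex characters go to the server, and the remaining 35 are matched on the client against the returned `SUFFIX:COUNT` lines. The function names are hypothetical, the response body is constructed sample data, and the endpoint URL in `fetch_range_http` is the range endpoint described at the documentation link in the message.

```python
import hashlib
import urllib.request

def split_sha1(password):
    """Return (5-char prefix sent to the API, 35-char suffix that stays local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; skip malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password, fetch_range):
    """Times the password appears in the corpus; 0 if its suffix is absent."""
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def fetch_range_http(prefix):
    """Live lookup (not used in the offline demo): only the prefix is sent."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("ascii")

SENT = []  # records everything the offline stub was asked for

def constructed_fetch(prefix):
    """Offline stand-in for the API returning a constructed response body."""
    SENT.append(prefix)
    _, suffix = split_sha1("password")
    return "0" * 35 + ":3\r\n" + suffix + ":42\r\nnot-a-valid-line\r\n"

if __name__ == "__main__":
    print(pwned_count("password", constructed_fetch))            # listed
    print(pwned_count("correct horse battery", constructed_fetch))  # not listed
    print(SENT)  # only 5-character prefixes ever left the client
```
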