On Tue, Mar 21, 2023 at 02:28:08PM +0100, Pavel Raiskup wrote:
> Hello all!
> 
> Do we have HaveIBeenPwned database of hashes somewhere in Fedora, as a
> file or service (regularly updated)?  I'd prefer checking my passwords
> manually, without actually giving the passwords to the
> https://haveibeenpwned.com service.  Speaking of that, I really dislike
> that the service takes the real passwords on its input.

The query API only takes a partial hash of the password, not the
clear text password.

https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByRange

  "In order to protect the value of the source password being
   searched for, Pwned Passwords also implements a k-Anonymity
   model that allows a password to be searched for by partial
   hash. This allows the first 5 characters of either a SHA-1
   or an NTLM hash (not case-sensitive) to be passed to the API "


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
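
The range lookup described in the reply above, as an added example that is not part of the original message or of any Fedora or HIBP code: only the 5-character SHA-1 prefix is handed to the fetch function, and the remaining 35 characters are matched locally. The endpoint URL, the `SUFFIX:COUNT` response format and the `Add-Padding` header are assumptions taken from the HIBP documentation linked above, not from the e-mail; the response body and counts used offline are constructed.

```python
import hashlib
import urllib.request

# Endpoint as documented by HIBP (assumption: not stated in the e-mail itself).
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Return (prefix, suffix): 5 hex chars that are sent, 35 that stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; skip malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password, fetch_range):
    """fetch_range(prefix) -> response body. Only the prefix is passed out."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def http_fetch(prefix):
    """Live lookup; Add-Padding asks the service to pad the response size."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

# --- Offline demonstration with a constructed response ---
SEEN_BY_SERVER = []  # everything the stand-in service receives

def fake_fetch(prefix):
    SEEN_BY_SERVER.append(prefix)
    _, hit = split_hash("password")      # constructed "breached" entry
    return "\r\n".join([
        "0" * 35 + ":3",                 # constructed decoy
        hit.lower() + ":1234",           # constructed count, lower-case on purpose
        "F" * 35 + ":0",                 # padding-style entry with count 0
        "not a valid line",
    ])

if __name__ == "__main__":
    print(pwned_count("password", fake_fetch))               # 1234
    print(pwned_count("correct horse battery", fake_fetch))  # 0
    print(SEEN_BY_SERVER)  # 5-character prefixes only
```

Passing `http_fetch` instead of `fake_fetch` performs the same check against the live service.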