haveibeenpwned API will stop working on 1st June

ChrisP1118 / PreventPwnedPasswords

A Chrome and Firefox extension that verifies passwords against Have I Been Pwned

https://chrisp1118.github.io/PreventPwnedPasswords/

GNU General Public License v3.0

1 stars 1 forks source link

haveibeenpwned API will stop working on 1st June #1

Open rleeden opened 6 years ago

rleeden commented 6 years ago

The API used in this extension will stop working on 1st June 2018. See https://haveibeenpwned.com/API/v2#PwnedPasswords

An alternative (and more secure) method is available here: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange.

Any chance this extension could be updated to support the Searching by Range technique?

m4lvin commented 5 years ago

Any chance this extension could be updated to support the Searching by Range technique?

I would like to stress this. After reading both the description of the AddOn in the Mozilla repository and the website it was still not clear to me whether this add-on sends the full hash or uses the k-anonymity method. Also the privacy policy at https://chrisp1118.github.io/PreventPwnedPasswords/privacy-policy.html does not explain this in detail.

ChrisP1118 commented 5 years ago

This doesn't use the k-anonymity method, it sends the full hash. I assume this stopped working back on June 1, and since I haven't really gotten any feedback, I've essentially considered this project dead. As best I can tell, no one is using the plugin -- I'll update the readme accordingly.

m4lvin commented 5 years ago

Thank you!

If you no longer maintain the plugin, please also state that on https://addons.mozilla.org/en-US/firefox/addon/prevent-pwned-passwords/ which currently says there are 104 users.