DivineOmega / password_exposed

🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.
GNU Lesser General Public License v3.0

Make hashing optional #12

Closed leymannx closed 6 years ago

leymannx commented 6 years ago

Maybe I didn't see it or am I right that it currently only takes blank strings as input? Useful for the exact moment when users have to choose a new password.

But it would be even nicer to also be able to use this tool for checking against already hashed passwords. Would that work with Troy's API? With different hash types? Or does it anyway only work with sha1?

DivineOmega commented 6 years ago

It currently takes in plain text passwords, hashes them to SHA1 and passes the first few characters of the hash to the API. Currently the haveibeenpwned passwords API only supports plain text passwords or SHA1 hashes.

More info here: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
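The range lookup described in the comment above, as an added Python sketch that is not part of the original thread and not the library's own code. It accepts either a plain-text password or an existing SHA-1 hex digest; the function names are hypothetical, the response body is constructed, and the 5-character prefix and `SUFFIX:COUNT` line format are those of the haveibeenpwned range API.

```python
import hashlib
import re

SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")


def to_sha1_hex(secret, already_hashed=False):
    """Return the uppercase SHA-1 hex digest, hashing only plaintext input."""
    if already_hashed:
        if not SHA1_HEX.fullmatch(secret):
            raise ValueError("expected a 40-character SHA-1 hex digest")
        return secret.upper()
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def parse_range_response(body):
    """Parse the 'SUFFIX:COUNT' lines of a range response into a dict."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def exposure_count(secret, range_body, already_hashed=False):
    """Return (prefix sent to the API, breach count for this secret)."""
    digest = to_sha1_hex(secret, already_hashed)
    prefix, suffix = digest[:5], digest[5:]  # only the prefix is transmitted
    return prefix, parse_range_response(range_body).get(suffix, 0)


def constructed_range_body(listed_password, count):
    """Build a sample response (constructed, not real API data)."""
    suffix = to_sha1_hex(listed_password)[5:]
    decoys = ["0" * 35 + ":3", "F" * 35 + ":17"]
    return "\r\n".join(decoys[:1] + [f"{suffix}:{count}"] + decoys[1:])


if __name__ == "__main__":
    body = constructed_range_body("password", 42)
    stored = hashlib.sha1(b"password").hexdigest()  # stands in for a stored digest
    print(exposure_count("password", body))
    print(exposure_count(stored, body, already_hashed=True))
```

In real use the response body would be fetched for the returned prefix; the network call is left out so the sketch runs offline.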

leymannx commented 6 years ago

Ah I see. Thanks for the clarification. And even if I have a database full of sha1 passwords then I have an even bigger problem :D

DivineOmega commented 6 years ago

My pleasure. 👍