search

HaveIBeenPwned / PwnedPasswordsDownloader

A tool to download all Pwned Passwords hash ranges and save them offline so they can be used without a dependency on the k-anonymity API
BSD 3-Clause "New" or "Revised" License
605 stars 44 forks source link

Update notifications #31

Closed FreifunkerEZ closed 1 year ago

FreifunkerEZ commented 1 year ago

Hellows! Thank you for the service. You enabled us to get rid of quarterly PW changes. <3

From the 'PwnedPasswordsSpeedChallenge'-repo, it seems like synchronously querying the range-API is encouraged. But the presence of the downloader implies, that going offline is also acceptable.

For us downloaders, how will we know, when new passwords have been added? https://haveibeenpwned.com/Passwords does not talk about "versions" anymore. I do not want to load systems with regular full downloads. diff-ing partial downloads are not guaranteed to find changes with 1M sections to inspect.

I found this header on the API. last-modified | Tue, 28 Feb 2023 17:50:21 GMT Currently, it is clearly in the past. Will it be updated on all ranges, if a single hash is added somewhere?

Have I missed something? Cheers! chris :)

FreifunkerEZ commented 1 year ago

LoL. And closing as a duplicate of #29