search

PhilippC / keepass2android

Password manager app for Android
https://play.google.com/store/apps/details?id=keepass2android.keepass2android
GNU General Public License v3.0
4.69k stars 378 forks source link

Compare entries with known breaches #1663

Open Indubius opened 3 years ago

Indubius commented 3 years ago

I'd love kp2a to compare entries with known breaches automatically.

WebworkrNet commented 3 years ago

The much-cited service "HaveIBeenPwned" offers an API: https://haveibeenpwned.com/API/v3

The provider mobilbox.org, which is said to have a high level of security, has implemented this feature. I therefore assume that this should be possible without compromising the encryption and thus the security level.

In any case, such a function should only be offered as an option. Data may only be transferred with the explicit consent of the user.

Indubius commented 3 years ago

Sounds amazing. I really hope Philip or someone supporting him has the time to check it. Unfortunately I don't have the ability to do.

And I agree, no action without explicit consent.

PhilippC commented 3 years ago

note that this is possible on the PC: https://github.com/mihaifm/HIBPOfflineCheck