Add support for padding when checking for pwned passwords

akamsteeg / AtleX.HaveIBeenPwned

A fully async .NET Standard client library for the API of HaveIBeenPwned.com

https://www.nuget.org/packages/AtleX.HaveIBeenPwned/

MIT License

5 stars 0 forks source link

Add support for padding when checking for pwned passwords #55

Closed akamsteeg closed 3 years ago

akamsteeg commented 3 years ago

The HaveIBeenPwned API has an option to pad responses with bogus data. This is an additional security measure so a MITM cannot determine passwords from the size of the response. We should add support for this to the library.

akamsteeg commented 3 years ago

Fixed in 2842cfcc34c308de1bf004bfa9823a0f81e8fa29