gopasspw / gopass

The slightly more awesome standard unix password manager for teams
https://www.gopass.pw/
MIT License
5.82k stars, 485 forks

HIBP API used in leak checker deprecated #1145

Closed: dewey closed this issue 5 years ago

dewey commented 5 years ago

Hey,

the API used in https://github.com/gopasspw/gopass/blob/master/pkg/hibp/api/client.go will be deprecated in a month and won't work without a (paid) API key:

https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/

dominikschulz commented 5 years ago

Yeah, that is unfortunate. Once this becomes effective this feature will stop working. We may want to provide a way to supply an API key, but that's terrible UX compared to the current state.

dewey commented 5 years ago

Actually, I just read up on it in detail, and the HIBP changes only affect lookups by email, while gopass only does lookups by partial password hashes, which are not affected by the changes.

One important distinction: this doesn't apply to the APIs that don't pull back information about an email address; the API listing all breaches in the system, for example, is not impacted by any of the changes outlined here.

dominikschulz commented 5 years ago

Oh, thanks a lot. I did only skim over that post. In that case we should be fine. Feel free to close this issue if you agree.

dewey commented 5 years ago

I missed it on my first read too; apparently he made it clearer in an edit later on. Closing this.