HaveIBeenPwned integration

[rugk]

Firefox and another password manager are integrating HaveIBeenPwned (HIBP) https://haveibeenpwned.com/ into their products.

As such, I guess this would also be nice for KeePassXC. Actually, see how 1Password there does it, so just

For the privacy-side of things:

• of course, optional (not sure whether enabled by default though, maybe just ask users with an obvious banner or so when they have not decided yet)
• see the blog post on how the query is done in a private way; in short it works like this:

  when searching HIBP for a password, the client SHA-1 hashes it then takes the first 5 characters and sends this to the API. In response, a collection of hashes is returned that match that prefix (477 on average).

• I guess, one may only query a few passwords at the same time, not all of them together

The problem I see, which is described there is:

• for some reasons, they "proxy" the official API there, but I guess this may not be an issue, because this is just to avoid the rate-limit, you can use the API from the client directly, but have 1.5s delay for each request

[droidmonkey]

This has been discussed AT LENGTH already in another issue. We are not going to integrate any of these services for reasons discussed.

[rugk]

Ah dupe of https://github.com/keepassxreboot/keepassxc/issues/551, sorry.

[rugk]

Oh well… no https://github.com/keepassxreboot/keepassxc/issues/551 is not really the same. It's rather a dupe of https://github.com/keepassxreboot/keepassxc/issues/1083.