originaluko / haveibeenpwned

Identify pwned accounts and passwords via the "Have I been pwned?" (https://haveibeenpwned.com) API.
MIT License

Update Get-PwnedPassword to use K-anonymity only #2

Closed: plaintextcity closed this 6 years ago

plaintextcity commented 6 years ago

Update Get-PwnedPassword to use K-anonymity only, using range selection.

https://www.troyhunt.com/enhancing-pwned-passwords-privacy-by-exclusively-supporting-anonymity/

My first pull had a bug pulling out the pwn count; this should be fixed. I recommend removing plaintext password input to align with Troy's changes but defer to the project owner.
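
The range-selection lookup this pull request refers to, as an added example that is not the pull request's or the module's code: the password is hashed with SHA-1 locally, only the first five hex characters are sent, and the remaining 35 are matched against the returned `SUFFIX:COUNT` lines on the client. The function names are hypothetical, the endpoint is the public Pwned Passwords range API, and the sample response body is constructed.

```powershell
# Added example. Function names are hypothetical, not the module's own.
function Get-Sha1Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
    } finally {
        $sha1.Dispose()
    }
    # Uppercase hex with no separators, the form the range API uses
    [System.BitConverter]::ToString($bytes) -replace '-', ''
}

function Find-PwnCount {
    # Match the 35-character suffix locally against a range response body
    param(
        [Parameter(Mandatory)][string]$Suffix,
        [Parameter(Mandatory)][string]$RangeBody
    )
    foreach ($line in ($RangeBody -split "`r?`n")) {
        $parts = $line.Trim() -split ':', 2
        if ($parts.Count -eq 2 -and $parts[0] -eq $Suffix) {
            return [int]$parts[1]
        }
    }
    return 0   # suffix absent from the range: not in the corpus
}

function Get-PwnCountByRange {
    param([Parameter(Mandatory)][string]$Password)
    $hash   = Get-Sha1Hex -Text $Password
    $prefix = $hash.Substring(0, 5)
    # Only the 5-character prefix is sent; password and full hash stay local
    $body = Invoke-RestMethod -Uri "https://api.pwnedpasswords.com/range/$prefix"
    Find-PwnCount -Suffix $hash.Substring(5) -RangeBody $body
}

# Offline check against a constructed response body (counts are made up)
$hash   = Get-Sha1Hex -Text 'password'
$sample = @(
    '0000000000000000000000000000000000A:3'
    "$($hash.Substring(5)):42"
) -join "`r`n"
Find-PwnCount -Suffix $hash.Substring(5) -RangeBody $sample
```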

originaluko commented 6 years ago

Thanks for contributing the update @plaintextcity. I've been wanting to make these changes for a while so I'm glad that you did it. There may still be some issues with pwn count in PowerShell Core. This threw me until I realised I was using Core but this was never designed for Core so I'm happy to commit.

plaintextcity commented 6 years ago

Hi, thanks for sharing your code. I haven't moved to Core yet; I plan on doing that, and updating scripts of mine that don't depend on AD or other Windows cmdlets.