HaveIBeenPwned integration #2073

Closed
rugk opened this issue Jun 26, 2018 · 3 comments

@rugk

rugk commented Jun 26, 2018

Firefox and another password manager are integrating HaveIBeenPwned (HIBP) https://haveibeenpwned.com/ into their products.

As such, I guess this would also be nice for KeePassXC. Actually, see how 1Password there does it, so just

For the privacy-side of things:

  • of course, optional (not sure whether enabled by default though, maybe just ask users with an obvious banner or so when they have not decided yet)
  • see the blog post on how the query is done in a private way; in short it works like this:

    when searching HIBP for a password, the client SHA-1 hashes it then takes the first 5 characters and sends this to the API. In response, a collection of hashes is returned that match that prefix (477 on average).

  • I guess, one may only query a few passwords at the same time, not all of them together

The problem I see, which is described there, is:

  • for some reason, they "proxy" the official API there, but I guess this may not be an issue, because this is just to avoid the rate limit; you can use the API from the client directly, but have a 1.5s delay for each request
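
The range query quoted in the comment above, as an added example (not code from KeePassXC, 1Password or HIBP). `FakeRangeServer`, the sample passwords and their counts are constructed, and the `SUFFIX:COUNT` response format is an assumption. The per-prefix cache goes beyond the quoted text; the 1.5s spacing follows the delay mentioned in the comment.

```python
import hashlib
import time

def split_hash(password):
    """SHA-1 the password; return (5-char prefix to send, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines (assumed format); malformed lines are skipped."""
    rows = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            rows[suffix.upper()] = int(count)
    return rows

def check_passwords(passwords, fetch_range, delay=1.5, sleep=time.sleep):
    """Return {password: breach count}. One request per distinct prefix,
    spaced by `delay` seconds; the suffix comparison happens locally."""
    cache, results = {}, {}
    for pw in passwords:
        prefix, suffix = split_hash(pw)
        if prefix not in cache:
            if cache:                      # no wait before the first request
                sleep(delay)
            cache[prefix] = parse_range_body(fetch_range(prefix))
        results[pw] = cache[prefix].get(suffix, 0)
    return results

class FakeRangeServer:
    """Constructed stand-in for the remote service; records what it is sent."""
    def __init__(self, breached):          # breached: {password: count}
        self.rows, self.seen = {}, []
        for pw, count in breached.items():
            prefix, suffix = split_hash(pw)
            self.rows.setdefault(prefix, []).append(f"{suffix}:{count}")

    def __call__(self, prefix):
        self.seen.append(prefix)           # everything the server learns
        return "\r\n".join(self.rows.get(prefix, []))

def demo():
    server = FakeRangeServer({"password": 3, "hunter2": 1})  # constructed counts
    waits = []                             # record delays instead of sleeping
    entries = ["password", "correct horse", "password"]
    results = check_passwords(entries, server, sleep=waits.append)
    return results, server.seen, waits

if __name__ == "__main__":
    print(demo())
```

`server.seen` holds only 5-character prefixes, which is all the remote side observes per lookup.
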
@droidmonkey
Member

This has been discussed AT LENGTH already in another issue. We are not going to integrate any of these services for reasons discussed.

@rugk
Author

rugk commented Jun 26, 2018

Ah dupe of #551, sorry.

@rugk
Author

rugk commented Jun 26, 2018

Oh well… no #551 is not really the same. It's rather a dupe of #1083.
