•  
      request #14646 Enable the use of padding when querying the Have I Been Pwned API
    Infos
    #14646
    Thomas Gerbet (tgerbet)
    2020-03-06 11:19
    2020-03-06 08:54
    15897
    Details
    Enable the use of padding when querying the Have I Been Pwned API
    The HIBP API has recently been extended to prevent an attacker with the capability to observe the traffic to determine which bucket is being queried.


    References:
    https://blog.cloudflare.com/pwned-passwords-padding-ft-lava-lamps-and-workers/
    https://www.troyhunt.com/enhancing-pwned-passwords-privacy-with-padding/
    https://haveibeenpwned.com/API/v3#PwnedPasswordsPadding
    Other
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-03-06
    Attachments
    Empty
    References

    Follow-ups