All Questions
Tagged with have-i-been-pwned hash
2
questions
1
vote
1
answer
175
views
Is it possible to check for pwned/common passwords using salted hashes of the passwords?
If I administer a webpage that allows users to create accounts, and assuming I don't keep or even ever have access to plaintext passwords, is it possible for me to detect that one of my users is using ...
41
votes
3
answers
19k
views
Is it safe to check password against the HIBP Pwned Passwords API during account registration?
User registers account on a web app. Passwords are salted and hashed.
But is it safe to check the password against the HIBP Pwned Passwords API, before salting and hashing it? Of course the app uses ...