All Questions

1 vote
1 answer
175 views

Is it possible to check for pwned/common passwords using salted hashes of the passwords?

If I administer a webpage that allows users to create accounts, and assuming I don't keep or even ever have access to plaintext passwords, is it possible for me to detect that one of my users is using ...
terdon
  • 115
41 votes
3 answers
19k views

Is it safe to check password against the HIBP Pwned Passwords API during account registration?

User registers account on a web app. Passwords are salted and hashed. But is it safe to check the password against the HIBP Pwned Passwords API, before salting and hashing it? Of course the app uses ...
Bitenieks
  • 533