All Questions
Tagged with have-i-been-pwned salt
1
question
41
votes
3
answers
19k
views
Is it safe to check password against the HIBP Pwned Passwords API during account registration?
User registers account on a web app. Passwords are salted and hashed.
But is it safe to check the password against the HIBP Pwned Passwords API, before salting and hashing it? Of course the app uses ...