Add search passwords by a hash value
Let users use pre-generated hash values to search. Yeah, I know you calculate hashes of typed passwords on the client side, but some people still prefer not to type their password on third-party sites.
Well and truly done and available here: https://haveibeenpwned.com/Passwords
Docs for k-anonymity: https://haveibeenpwned.com/API/v3#PwnedPasswords
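The linked docs describe the range lookup: the client computes the unsalted SHA-1 of the password, sends only its first five hex characters, and receives every suffix in that bucket with a breach count, so the full hash never leaves the machine. The script below is an added illustration of that flow, not code from Have I Been Pwned or from this thread. It accepts either a password or a pre-generated SHA-1 (the feature this request is about), validates it, and matches it against a range response parsed locally. The sample response body and its counts are constructed for the example; the real endpoint `https://api.pwnedpasswords.com/range/<prefix>` is only used by `fetch_range`, which the offline demo never calls.

```python
import hashlib
import re
import urllib.request

# HIBP Pwned Passwords range endpoint (see the k-anonymity docs linked above).
API_RANGE_URL = "https://api.pwnedpasswords.com/range/"
PREFIX_LEN = 5  # only these hex chars of the SHA-1 are ever sent


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of a password, computed locally (no salt; that is what the API keys on)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(sha1: str) -> tuple[str, str]:
    """Validate a user-supplied SHA-1 and split it into (prefix sent to the API, suffix kept local)."""
    h = sha1.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{40}", h):
        raise ValueError("expected a 40-character hex SHA-1")
    return h[:PREFIX_LEN], h[PREFIX_LEN:]


def parse_range(body: str) -> dict[str, int]:
    """Parse a range response ('SUFFIX:COUNT' per line) into {suffix: count}.

    Lines with a count of 0 are the optional padding the API adds when the
    client sends 'Add-Padding: true'; they are dropped so a padded bucket
    cannot produce a false match.
    """
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def breach_count_for_hash(sha1: str, range_body: str) -> int:
    """Number of times the password behind this SHA-1 appears, given the bucket for its prefix."""
    _prefix, suffix = split_hash(sha1)
    return parse_range(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Network lookup of one bucket (not exercised offline). Padding is requested so the
    response size does not leak which bucket was queried."""
    req = urllib.request.Request(
        API_RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "hash-lookup-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample bucket for prefix 5BAA6 (SHA-1 of "password" starts with it).
# Suffixes and counts are made up for the demo; the last line mimics API padding.
SAMPLE_RANGE_5BAA6 = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0
"""


if __name__ == "__main__":
    # Path 1: user types the password; hash it locally.
    typed = sha1_hex("password")
    # Path 2: user pastes a pre-generated hash instead (the request on this page).
    pasted = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
    for label, h in (("typed", typed), ("pasted", pasted)):
        prefix, _ = split_hash(h)
        print(f"{label}: send prefix {prefix}, match locally ->",
              breach_count_for_hash(h, SAMPLE_RANGE_5BAA6))
```

Whichever path the user takes, the only value that would reach the server is the five-character prefix; the suffix comparison happens in `breach_count_for_hash` on the client.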
-
JR commented
You could tweak this github repository to query for your own local text list of passwords: https://github.com/jsrozner/DashlanePwnedPasswordCheck
The code performs encryption on your computer and then sends the query to the API with the hash only. Your password is never submitted over the internet.
-
Anonymous commented
You can, either works
-
JE commented
I can certainly understand a reluctance to enter passwords on third party sites, but it becomes a matter of who you trust. People enter passwords online all the time, and HIBP is a secure site. So, as long as they are not storing passwords in the clear, I don't see a reason to be concerned.
Besides, I'm going to assume that the hashes generated client-side may contain a "salt" value and therefore, any hash entered manually by a user (without knowing the salt value) is unlikely to match what's in the HIBP database.