SHA-1("") return pwned 7 times, 3ee5e6b4b0d3255bfef95601890afd80709:7
SHA-1("") == da39a3ee5e6b4b0d3255bfef95601890afd80709
https://api.pwnedpasswords.com/range/da39a return list with 3ee5e6b4b0d3255bfef95601890afd80709:7
I understand that an empty string can't be a password. But is this still a mistake or are there other passwords with a similar hash?
1
vote
Alexandr Hotko
shared this idea
Occasionally some invalid data slips into Pwned Passwords due to how it was structured in the source or how we parsed it out. It has no tangible impact on the way the service operates and isn’t worth going through the cleanup process on.