Comments (3)

ellieschieder avatar ellieschieder commented on August 17, 2024

I know it's because of the bloom filter (if I get it right). But the problems are still valid.

from easypwned.

timglabisch avatar timglabisch commented on August 17, 2024

Thanks for the question. Regarding logging, we have added an endpoint that takes the data via POST - tools that log URLs by accident, like a profiler, probably won't touch the sensitive data with that (fingers crossed). We ourselves run the tool directly on the system, which validates the passwords anyway, locally.

Theoretically, the downloader could offer to hash the data again with a salt when creating the bloom filter - this way, if someone wants to build the bloom filter himself, it would hardly be possible for an attacker to deduce the password from a hash without knowing the salt.

But this is only of limited help if both systems are on the same server and everything necessary can be found in the RAM anyway. The price would also be that you have to build your own bloom filter.

But I would be interested in finding solutions here, so I would appreciate any suggestions. But I would like to find something that is easy to use on the part of the client.

I would like to add that the project is mainly about getting the HIBP database small enough through the bloom filter that it is practical to run this container as close as possible to where the passwords are anyway (in memory). I wouldn't want to send such sensitive data through the network, for example.

from easypwned.
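The salted bloom filter idea from the comment above, as an added sketch that is not part of the thread and not easypwned's code. It assumes HMAC-SHA256 as the keyed re-hash, a hypothetical `SaltedBloom` class, and a constructed four-entry dump in the HIBP `SHA1:count` format.

```python
import hashlib
import hmac
import math

# Constructed sample in the HIBP dump format "SHA1:count" (not real breach data).
BREACHED = ["password123", "qwerty", "letmein", "hunter2"]
SAMPLE_DUMP = [f"{hashlib.sha1(p.encode()).hexdigest().upper()}:{i + 1}"
               for i, p in enumerate(BREACHED)]


class SaltedBloom:
    """Bloom filter whose bit positions depend on a secret salt (assumed design)."""

    def __init__(self, n_items, fp_rate, salt):
        # Standard sizing: m bits and k probes for the target false-positive rate.
        self.m = math.ceil(-n_items * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / n_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)
        self.salt = salt

    def _positions(self, sha1_hex):
        # "Hash the data again with a salt": HMAC-SHA256 over the HIBP SHA-1,
        # then double hashing to derive k bit positions from one digest.
        d = hmac.new(self.salt, sha1_hex.upper().encode(), hashlib.sha256).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add_hash(self, sha1_hex):
        for p in self._positions(sha1_hex):
            self.bits[p >> 3] |= 1 << (p & 7)

    def check_password(self, password):
        sha1_hex = hashlib.sha1(password.encode()).hexdigest()
        return all(self.bits[p >> 3] & (1 << (p & 7))
                   for p in self._positions(sha1_hex))


def build_filter(dump_lines, salt, fp_rate=1e-9):
    bloom = SaltedBloom(len(dump_lines), fp_rate, salt)
    for line in dump_lines:
        bloom.add_hash(line.split(":", 1)[0])
    return bloom


def with_other_salt(bloom, salt):
    # Same bit array (e.g. a copied filter file) queried under a different salt.
    other = SaltedBloom(1, 0.5, salt)
    other.m, other.k, other.bits = bloom.m, bloom.k, bloom.bits
    return other
```

Querying the same bits under a different salt makes a known-breached password look absent, which is the property the comment describes; it gives nothing once the salt can be read from the same host.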

ellieschieder avatar ellieschieder commented on August 17, 2024

Thanks for the answer, I adhd'ed the issue /o\

from easypwned.
