pathfinder76
3 years ago
Super Contributor
5 characters - collision
I know 1Password used haveibeenpwned.
According to the website "When you search Pwned Passwords
The Pwned Passwords feature searches previous data breaches for the presence of a user-provided pass...
Former Member
3 years ago
pathfinder76 You didn't read the complete password checking description. The first 5 characters of the hash are sent to HIBP, then HIBP sends back every hash known from some breach that starts with these 5 characters. As far as I remember, it's about 5-30 hashes you're getting this way. This is then checked by some JavaScript locally in your browser, and if one of these hashes matches, it's reported. HIBP doesn't get notified which of the hashes actually matched or whether one matched at all.
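The exchange described in the reply above, with both sides modelled offline, as an added example that is not part of the original thread and is not 1Password's or HIBP's code. It assumes SHA-1 hashes and a `SUFFIX:COUNT` response line format; `ConstructedRangeServer`, `query_range`, `times_pwned` and the sample passwords are hypothetical names and constructed data.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password (assumed hash for this sketch)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class ConstructedRangeServer:
    """Offline stand-in for the range endpoint; records all it is sent."""

    def __init__(self, breached):
        # breached: constructed {password: times seen in breaches}
        self.counts = {sha1_hex(p): n for p, n in breached.items()}
        self.seen = []  # everything the server ever learns from clients

    def query_range(self, prefix: str) -> str:
        self.seen.append(prefix)
        rows = {h[5:]: n for h, n in self.counts.items()
                if h.startswith(prefix)}
        # Constructed filler rows standing in for other breached hashes
        # that share this prefix, so a response never pinpoints one hash.
        for i in range(3):
            rows.setdefault(sha1_hex(f"filler-{prefix}-{i}")[5:], 1)
        return "\n".join(f"{s}:{n}" for s, n in sorted(rows.items()))


def times_pwned(password: str, server) -> int:
    """Client side: send 5 hex characters, compare the rest locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    body = server.query_range(prefix)  # only the prefix leaves the client
    for line in body.splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:  # the match is decided on the client
            return int(count)
    return 0  # no match; the server is not told either way


if __name__ == "__main__":
    srv = ConstructedRangeServer({"password123": 42, "letmein": 7})
    for pw in ("password123", "not-in-the-constructed-set"):
        print(pw, "->", times_pwned(pw, srv))
    print("server saw only:", srv.seen)
```
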