Documentation

PwnedPasswords
in package

Read only: Yes

A service providing a check against a Pwned Passwords API. This is a separate service from the {@link User} service to prevent cyclic dependencies.

Table of Contents

Properties

$pwnedPasswordsHost  : string

Methods

__construct()  : mixed
isPasswordLeaked()  : bool
Check a password against a Pwned Passwords instance to determine if it was leaked in a public breach. To avoid sending the plaintext password over the internet, we hash it with SHA-1 first. This differs from the official Pwned Passwords API, where only the first few characters of the hash are transmitted.

Properties

Methods

__construct()

public __construct(string $pwnedPasswordsHost) : mixed
Parameters
$pwnedPasswordsHost : string

isPasswordLeaked()

Check a password against a Pwned Passwords instance to determine if it was leaked in a public breach. To avoid sending the plaintext password over the internet, we hash it with SHA-1 first. This differs from the official Pwned Passwords API, where only the first few characters of the hash are transmitted.

public isPasswordLeaked(string $password) : bool

The GEWIS version of Pwned Passwords uses a gigantic Bloom filter to store the passwords, as that is more efficient. The trade-off is having to use the full hash.

This function returns true iff the password is known to be leaked. All other cases, including failures to make the request, return false.

Parameters
$password : string
Return values
bool
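The following added example is not the project's code. It sketches why a Bloom filter needs the full SHA-1 hash (it answers membership for one exact key and cannot list hashes sharing a prefix) and how the "false on any failure" contract behaves. The class name, the `$lookup` callable, the filter size and the sample passwords are assumptions; it assumes PHP 8 on a 64-bit build.

```php
<?php
// Added illustration: names, sizes and sample data are assumptions, not the project's code.
final class Sha1BloomFilter
{
    private string $bits;

    public function __construct(private int $m = 1 << 16, private int $k = 7)
    {
        $this->bits = str_repeat("\0", intdiv($m, 8)); // m bits, all clear
    }

    // Double hashing: k bit positions derived from two 32-bit words of the full digest.
    private function positions(string $sha1Hex): array
    {
        [1 => $h1, 2 => $h2] = unpack('N2', hex2bin($sha1Hex));
        return array_map(fn (int $i) => ($h1 + $i * ($h2 | 1)) % $this->m, range(0, $this->k - 1));
    }

    public function add(string $sha1Hex): void
    {
        foreach ($this->positions($sha1Hex) as $p) {
            $this->bits[$p >> 3] = chr(ord($this->bits[$p >> 3]) | (1 << ($p & 7)));
        }
    }

    // One clear bit proves absence; all bits set means "probably present".
    public function contains(string $sha1Hex): bool
    {
        foreach ($this->positions($sha1Hex) as $p) {
            if ((ord($this->bits[$p >> 3]) & (1 << ($p & 7))) === 0) {
                return false;
            }
        }
        return true;
    }
}

// Client side: hash locally, answer true only on a definite "leaked" reply.
function isPasswordLeaked(string $password, callable $lookup): bool
{
    try {
        return $lookup(sha1($password)) === true;
    } catch (Throwable $e) {
        return false; // a failed request is indistinguishable from "not leaked"
    }
}

$filter = new Sha1BloomFilter();
foreach (['password', '123456', 'qwerty'] as $p) { $filter->add(sha1($p)); } // constructed corpus
var_dump(isPasswordLeaked('123456', [$filter, 'contains']), isPasswordLeaked('123456', fn () => throw new RuntimeException('timeout')));
```

Because every failure maps to false, callers that need to know whether the check actually ran should monitor request errors separately. A Bloom filter can also report a password as leaked when it is not (a false positive), but never the reverse.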

        