Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider using unpwn to reduce API calls #20

Open
eliotsykes opened this issue Sep 23, 2019 · 1 comment
Open

Consider using unpwn to reduce API calls #20

eliotsykes opened this issue Sep 23, 2019 · 1 comment

Comments

@eliotsykes
Copy link

Consider using the unpwn gem to check passwords locally https://github.com/indirect/unpwn

Unpwn checks passwords locally against the top one million passwords, as provided by the nbp project. Then, it uses the haveibeenpwned API to check proposed passwords against the largest corpus of publicly dumped passwords in the world.

As a bonus, if the haveibeenpwned API is down, at least there's still some checks applied.
@TylerRick
Copy link
Contributor

Not a bad idea!

Too bad it would render use of https://github.com/philnash/pwned library redundant. I feel like pwned is a more solid library, and certainly seems more configurable, so I'd personally prefer to keep using it (but my bias may be unfounded).

It seems pretty unlikely that the haveibeenpwned API would go down for a significant length of time...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TylerRick @eliotsykes