Password check using k-Anonymity

I have just checked in a PHP function to Git that lets you check passwords using k-Anonymity.
Your password will be hashed using SHA1 and only the first 5 characters of this hash will be sent over the internet, so no passwords will go over the public internet!

This partial hash is then used to request a list of all compromised password hashes that start with it, and that list is downloaded to your server.
You will then locally check if the full hash is found inside the downloaded list. If so, your password is compromised!

You can then recommend that the user pick a different password, or simply force the user to choose a different one!
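The flow described above, as an added sketch that is not the function from the Git repository. It assumes the range service returns one `SUFFIX:COUNT` line per compromised hash (the format used by the Pwned Passwords range API, which the post does not name); `splitHash`, `countInRange`, `isCompromised` and the `$fetchRange` callable are hypothetical names, and the response body is constructed so the example runs offline.

```php
<?php
declare(strict_types=1);

/** Split the SHA1 hash into the 5-char prefix that is sent and the suffix that stays local. */
function splitHash(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/** Return the breach count for a suffix in a downloaded range body (0 = not found). */
function countInRange(string $suffix, string $rangeBody): int
{
    foreach (preg_split('/\r\n|\n|\r/', $rangeBody) as $line) {
        $parts = explode(':', trim($line), 2);
        // Assumed format: 35 hex chars, a colon, a count. Skip anything else.
        if (count($parts) !== 2 || strlen($parts[0]) !== 35) {
            continue;
        }
        if (strtoupper($parts[0]) === $suffix) {
            return (int) $parts[1];
        }
    }
    return 0;
}

/** $fetchRange is a hypothetical callable, fn(string $prefix): string, wrapping the HTTPS request. */
function isCompromised(string $password, callable $fetchRange): bool
{
    [$prefix, $suffix] = splitHash($password);
    // Only $prefix leaves the server; the comparison happens locally.
    return countInRange($suffix, $fetchRange($prefix)) > 0;
}

// Constructed stand-in for the network call: pretends "password" is in the list.
$fakeFetch = function (string $prefix): string {
    [$knownPrefix, $knownSuffix] = splitHash('password');
    $body = str_repeat('0', 35) . ":3\r\n";          // constructed filler entry
    return $prefix === $knownPrefix
        ? $body . $knownSuffix . ":12345\r\n"        // constructed count
        : $body;
};

var_dump(isCompromised('password', $fakeFetch));
var_dump(isCompromised('a long passphrase nobody has leaked yet', $fakeFetch));
```

Because the service only ever sees the 5-character prefix, it cannot tell which of the returned hashes, if any, belongs to the password being checked.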
