Re^3: Replacing crypt() for password login via a digest

Too bad it can't be implemented with an online password checker service!!! Or can it? I surely have a hunch it will be popular.

Do you mean like HaveIBeenPwned? There are even a couple of modules which hook into it:

🦛

Comment on Re^3: Replacing crypt() for password login via a digest - looking for stronger alternative

Replies are listed 'Best First'.
Re^4: Replacing crypt() for password login via a digest - looking for stronger alternative by bliako (Abbot) on Jun 18, 2021 at 09:32 UTC
Good find! And there's a mechanism to not transmit the real password over: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange (saw it via Password::Policy::Rule::Pwned), still I would prefer inhouse service if site is big and serious enough.	[reply]