“Already owned by me” code base is now open source


The founder, Troy Hunt, also announced that the platform will receive leaked passwords discovered by the FBI during an investigation.

The founder, Troy Hunt, announced today that the free website “Do I already have it (HIBP)”, which millions of people use to check whether their credentials have been compromised, has open sourced its code base.

Hunter first mentioned the plan to open up the HIBP code base last summer. Now, with requests for the website Pwned Passwords approaching 1 billion per month, he has confirmed that the website is officially open sourced through the independent 501(c) non-profit organization .NET Foundation.

Hunt explained in a blog post that there are many reasons why Pwned Passwords works well in the open source model, which is why he decided to start there.

First, Pwned Passwords has a simple code base, which includes Azure storage, an Azure function and a Cloudflare worker. It also has its own domain, Cloudflare account and Azure service, so it can be selected and open sourced independently of the rest of HIBP.

In addition, he added that it is non-commercial and, like other parts of HIBP, there are no API fees or corporate services. Finally, the data that drives the public password is already available for free in the public domain through downloadable hash sets.

Hunter wrote: “So, as everyone knows, I can “upgrade and transfer” the passwords I already have to the open source field in a very simple way, which makes it an obvious starting point. He added that this is also a good time. Because it has become part of many online services, and this ensures that anyone can run their own instances of Pwned Passwords. He hopes this will encourage the adoption of the service.

Hunter also announced today that HIBP will obtain the leaked password discovered by the FBI investigation. He explained that the website will provide officials with a way to enter the password into HIBP and display the password through the “Password Owned” tool. He added that these passwords will be provided in the form of SHA-1 and NTLM hash pairs, which is consistent with the current storage structure of Pwned Passwords, and pointed out that he does not need passwords in plain text.

Read Hunt’s full blog post for more information.

“Dark Reading Bulletin” briefly introduced the importance of breaking news events and provided a summary. For more information about the original source of the news item, please click on the link provided in this article.View the complete bio

Recommended reading:

More insights

Related Articles

Back to top button