mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-16 08:54:01 -05:00
how does the password quality checks work? #3994
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @jhaar on GitHub (Aug 1, 2019).
Wow - this is amazing - so simple to set up as a docker image behind my apache reverse proxy. Well done!
So I've got firefox plugin, website and Android bitwarden app all working just fine. However, the password quality check - how did you even make that work? and is it via haveibeenpwned?
ie I'm under the impression the server only has a copy of my encrypted "blob" of passwords, so what is recovering the cleartext passwords, converting them into SHA1 hashes and then doing the haveibeenpwned API calls in order to see if they're stolen/etc? Is that all javascript in my browser? That's the only way I could imagine this being done "securely"/privately
Thanks for all the work!
Jason
@mprasil commented on GitHub (Aug 1, 2019):
Hi @jhaar, you're right, it's all done on client side, so kudos to upstream. Server gets only encrypted blobs. Hope that answers your question. Closing this, but feel free to reopen if you need more information.