Pwned Passwords Padding (ft. Lava Lamps and Workers)

What's this blog post about?

The Pwned Passwords API, part of Troy Hunt's Have I Been Pwned service, has introduced padding in its responses to protect against potential attack vectors that rely on passive analysis of response sizes. By passing the "Add-Padding" header with a value of "true", clients can request padded API responses. The padding consists of randomly generated hash suffixes with the usage count set to "0". This feature is expected to become mandatory in the future, once clients have had time to update their implementations.

Company
Cloudflare

Date published
March 4, 2020

Author(s)
Junade Ali

Word count
1270

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.