Pwned Passwords Padding (ft. Lava Lamps and Workers)
The Pwned Passwords API, a part of Troy Hunt's Have I Been Pwned service, has introduced padding in its responses to protect against potential attack vectors that use passive analysis of response sizes. By passing the "Add-Padding" header with a value of "true", users can request padded API responses. The padding consists of randomly generated hash suffixes with usage count set to "0". This feature is expected to be mandatory in the future, once clients have had time to update their implementations.
Company
Cloudflare
Date published
March 4, 2020
Author(s)
Junade Ali
Word count
1270
Language
English
Hacker News points
None found.