Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity
Troy Hunt
JUNE 30, 2022
Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare.

SHA-1 is Just Fine for k-Anonymity

Let's begin with the actual problem SHA-1 presents. However, what if you could manufacture a hash collision?