As a logged in user I can check passwords against haveibeenpwned / Pwned Passwords or a local dump of the above

Q1. What is the problem that you are trying to solve?
Explain with a short paragraph what are you trying to solve with this change request or new feature. Focus on the problem: how would you measure if the problem is solved or the situation better than before?

Some passwords entered by users have already been seen in a breach and are now public, and therefore compromised. Troy Hunt, a security expert, runs a free service where you can check whether your email address has appeared in a breach AND a service where you can check whether your password has appeared in a breach. It would be good to get an alert when a password you have added (or a password you choose to check) is in the compromised list.

Q2 - Who is impacted?
How many people are affected by this issue or how many would benefit from this new feature? Is this for everyone or a specific group?
Everyone storing a password.

Q3 - Why is it important and/or urgent?
Is it strategic? Does it help us achieve your own community objectives? Is it linked to another project that can have a big impact?

It’s important because you could be storing a password encrypted in your DB while that same password is ALREADY available on the internet, so the encryption protects a secret that is no longer secret.

Q4 - What is your proposed solution? (optional)
Use this section to describe how you would solve this problem if you have a preference or ideas on how to move forward. The more complete the proposal the better, so feel free to add:

  • user stories. Examples: as a logged in user I receive an email notification when a password is changed.
  • test scenario in the “given, when, then” format
  • additional functional / non functional requirements.
  • screenshots/wireframes

https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

https://haveibeenpwned.com/Passwords

Two ways of doing this

  1. Download the SHA-1 hashes (about 500 million of them) and compare the password hash against them locally. This is the option for a system that has no internet access (although in Passbolt it would be the user’s browser doing the request). It also means people have to download the data again each time it is updated.

  2. Call the API that tells you whether a password has appeared in a breach. tl;dr of how it works: you send the API only the first 5 characters of the SHA-1 hash of the password you are testing. The service returns the remaining 35 characters of every known hash that starts with those 5 characters, each with a count of how many times that password has been found across breaches; you then look for your own hash suffix in that list on the client side, so the full hash never leaves your machine. The count lets you decide whether the password has been seen only once (not common) or 1000+ times (very common).

So - how would it be used in Passbolt.

  1. When you enter a password into the system for the first time, run check 1 or 2 from above and decide whether you want to change the password on the target system and therefore in Passbolt (for example a red icon saying this password has been found in a breach, recommend changing it). The check runs in the client before the password is encrypted with PGP.

  2. Existing passwords: offer an option to check them against the data (1 or 2 above). The user would have to be able to decrypt and ‘view’ the password from the Passbolt database for this, since only the client can recover the plaintext to hash it.

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)