> Secure: no passwords are ever stored or shared over the network. PassProtect uses k-Anonymity which means that the only thing that is sent over the network are the first 5 characters of the password hash
I haven't heard of k-Anonymity, so maybe I'm misunderstanding, but wouldn't there be a high rate of collision if you're only testing 5 characters? Seems like you'd match a lot of uncompromised hashes.
What it does is request a block of hashes from the server with a given 5-hex-digit prefix (i.e., 20 bits). Then inside the browser it scans the block for the exact hash.
Yes, there will be collisions. You take the results of the API call and compare them locally to the password you are checking to see if it’s in the list.
Yeah, it would seem like it, and worse, you may drive users to adopt a 'less secure' passphrase because the first 5 characters of the hash of their super complex/long passphrase might collide with the first 5 characters of the hash of 'password1', so they may pick a weaker passphrase just to get the system to accept it?
Note that the returned hashes omit the first 5 characters, since that would be a waste of resources.
You should also note that ALL possible combinations of 5 characters return at least 300 results. So it doesn't make sense to use this API any other way.
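The range lookup described in the comments above, as an added example that is not part of the original thread or PassProtect's own code. It assumes SHA-1 hashes and `SUFFIX:COUNT` response lines as in the Have I Been Pwned range API; the in-memory server, the breach counts and the filler suffix are constructed.

```python
import hashlib

SEEN_PREFIXES = []  # everything the (mock) server ever receives

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest.
    SHA-1 is an assumption here; the thread does not name the hash."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def make_range_query(breached):
    """Constructed in-memory stand-in for the server's range endpoint."""
    buckets = {}
    for password, count in breached.items():
        prefix, suffix = split_hash(password)
        buckets.setdefault(prefix, {})[suffix] = count

    def range_query(prefix):
        if len(prefix) != 5:
            raise ValueError("range query takes exactly 5 hex characters")
        SEEN_PREFIXES.append(prefix)
        # Constructed filler: stands in for other hashes sharing this prefix,
        # so every bucket is non-empty.
        entries = {"0" * 35: 1, **buckets.get(prefix, {})}
        # Suffix only; the 5-character prefix is omitted from each line.
        return "\n".join(f"{s}:{c}" for s, c in entries.items())

    return range_query

def breach_count(password, range_query):
    """Send only the prefix, then look for the exact suffix locally."""
    prefix, suffix = split_hash(password)
    for line in range_query(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)   # full 40-character hash matched
    return 0                    # prefix bucket had entries, none was ours

# Constructed sample data: breach counts are made up.
range_query = make_range_query({"password1": 42, "letmein": 7})

if __name__ == "__main__":
    for pw in ("password1", "a long unique passphrase nobody reuses"):
        print(repr(pw), "->", breach_count(pw, range_query))
```

A non-empty bucket is not a hit: only a suffix that completes the full 40-character hash counts, so a strong passphrase that shares a prefix with a breached one is still reported as clean.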
A few years ago I added a featuregg to the site I worked on at the time, where it would reject correcthorsebatterystaple as a password with an error message acknowledging their impeccable taste and a link to a relevant xkcd.
At some point they made a number and a special character a requirement in the password and the code was either stripped (or still sat there and never triggered). The irony isn't entirely lost on me.