Remove Consumer Services Remove Identity Theft Remove Password Management
article thumbnail

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

It's also a slower hashing algorithm; still totally unsuitable for storing user passwords in an online system, but it can have a hit on the consuming service if doing huge amounts of calculations. Integrity doesn't matter because there's no value in modifying the source password to forge a colliding hash.

Passwords 309