#893 Integration of PasswordLeakCheckerWebservices

[Claus Berghammer]

Hello :)

I love PWSafe, but I really have an jealous eye on other PasswordManagers, who have already integrated APIs from PassswordCheckerWebservices like "have i been pwned?" I self have written a powershell-skript that uses this API to check leakage of Passwords. But its extremely anoying to copy every single passwort out of PWSafe and into my skript. So, integration of trustworthy services into PWSafe would be a great addition. Of course Passwords should never be transmitted as clear text, and with the HIBP-API you dont even have to transmit the whole hash. Thats why it looks trustworthy to me (if you do all the hashing and comparing in a local trustworthy app/skript, and not in the webbrowser ;)).

So, is there hope, to see integration of such a service in PasswordSafe?

Regards, Claus

[Rony Shapiro]

Ticket moved from /p/passwordsafe/bugs/1489/

[Rony Shapiro]

The main problem here is that using such a service requires PasswordSafe opening a connection to an untrusted site with the password database loaded.

Perhaps a usable compromise would be an export function that exports the sha1 hashes of the stored passwords, that can then be used by a script/tool of your choice to call the API?

[Claus Berghammer]

Thanks for your reply :) OK, its sad to not get that function into PasswordSafe, but I understand your concern. So yes, an API to allow scripted export of the necessary data would be great. So I could retrieve the Data from PasswordSafe and check it with a powershell-script.