Date: Sun, 29 Jul 2018 11:52:42 +0000 (UTC) From: Stefan Esser <se@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r475648 - head/security/pwned-check Message-ID: <201807291152.w6TBqgrL010480@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: se Date: Sun Jul 29 11:52:42 2018 New Revision: 475648 URL: https://svnweb.freebsd.org/changeset/ports/475648 Log: Add information about support of the online check to the package description. Approved by: antoine (implicit) Modified: head/security/pwned-check/Makefile head/security/pwned-check/pkg-descr Modified: head/security/pwned-check/Makefile ============================================================================== --- head/security/pwned-check/Makefile Sun Jul 29 11:51:20 2018 (r475647) +++ head/security/pwned-check/Makefile Sun Jul 29 11:52:42 2018 (r475648) @@ -2,14 +2,14 @@ # $FreeBSD$ PORTNAME= pwned-check -PORTVERSION= 2.0 +PORTVERSION= 2.2 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= # DISTFILES= # MAINTAINER= se@FreeBSD.org -COMMENT= Check whether password is known to have been exposed in data breaches +COMMENT= Check whether password is known to have been exposed in a data breach LICENSE= BSD2CLAUSE Modified: head/security/pwned-check/pkg-descr ============================================================================== --- head/security/pwned-check/pkg-descr Sun Jul 29 11:51:20 2018 (r475647) +++ head/security/pwned-check/pkg-descr Sun Jul 29 11:52:42 2018 (r475648) @@ -2,9 +2,17 @@ Pwned Passwords are hundreds of millions of real world data breaches. This exposure makes them unsuitable for ongoing use as they are at much greater risk of being used to take over other accounts. -This script uses a downloaded copy of the pwned passwort hashes available -from https://haveibeenpwned.com/Passwords/ to allow passwords to be locally -checked, whether they are known to have been obtained in a data breach and -therefore should not be used. +This script offers 2 methods to check whether a password has been exposed +in an uncovered breach: + +1) Online check implemented in such a way that the password to be checked + does not need to be sent to the remote database server. + +2) Local check against a copy of the pawned passwords database. + +Since the local copy of the database requires nearly 20 GB of disk space +(and a download of more than 10 GB of compressed data) the access via the +online check should be preferred, if the compatible with operational and +security requirements. WWW: https://haveibeenpwned.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807291152.w6TBqgrL010480>