{"id":262049,"date":"2021-05-28T20:43:52","date_gmt":"2021-05-28T17:43:52","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/have-i-been-pwneds-password-program-is-now-open-source-accepting-data-from-fbi-review-geek\/"},"modified":"2021-05-28T20:43:52","modified_gmt":"2021-05-28T17:43:52","slug":"have-i-been-pwneds-password-program-is-now-open-source-accepting-data-from-fbi-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/have-i-been-pwneds-password-program-is-now-open-source-accepting-data-from-fbi-review-geek\/","title":{"rendered":"#Have I Been Pwned\u2019s Password Program Is Now Open Source, Accepting Data from FBI \u2013 Review Geek"},"content":{"rendered":"

“#Have I Been Pwned\u2019s Password Program Is Now Open Source, Accepting Data from FBI \u2013 Review Geek”<\/strong><\/p>\n

\n
\"\"
Have I Been Pwned<\/a><\/span><\/figcaption><\/figure>\n

Nearly a year ago, the data breach tracking platform Have I Been Pwned<\/a> (HIBP) announced plans to become an open source project. The first step in that transition is now complete\u2014HIBP\u2019s Pwned Passwords code is open source and available on GitHub<\/a>. The change provides transparency for HIBP, and oddly enough, opens the door to contributions from the FBI.<\/p>\n

Have I Been Pwned keeps track of data breaches and collects stolen data, allowing people to check if their email addresses or passwords have been compromised. Now that HIBP is open-sourcing its Pwned Passwords code, it can accept contributions from the FBI and other organizations that may have insight into data breaches and cybercriminal activity.<\/p>\n

In other words, the FBI isn\u2019t meddling with HIBP\u2019s code. It\u2019s just giving data to HIBP in the form of secure SHA-1 and NTLM hash pairs (not plaintext). Bryan A. Vorndran, Assistant Director of the Bureau\u2019s Cyber Division, states that the FBI is \u201cexcited to be partnering with HIBP on this important project to protect victims of online credential theft.\u201d<\/p>\n

\n

I\u2019m very happ<\/a>y to announce that @haveibeenpwned<\/a>\u2019s Pwned Passwords is now open source under the @dotnetfdn<\/a>. Now we\u2019ve got some work to do: building an ingestion pipeline for new passwords provided by the @FBI<\/a> on an ongoing basis. This is super cool \ud83d\ude0e https:\/\/t.co\/iM17zemmwE<\/a><\/p>\n

\u2014 Troy Hunt (@troyhunt) May 27, 2021<\/a><\/p>\n<\/blockquote>\n

But why start with the Pwned Passwords code? According to HIBP founder Troy Hunt, open-sourcing Pwned Passwords was just the easiest place to start. Pwned Passwords is basically independent from the rest of HIBP with its own domain, CloudFlare account, and Azure services. Plus, it\u2019s non-commercial, and its data is already available to the public in downloadable hash sets.<\/p>\n

Hunt hopes that open-sourcing Pwned Passwords will provide greater transparency for the HIBP service and allow people to wrap their own Pwned Passwords tools. It\u2019s a big change from 2019, when Hunt considered selling HIBP.<\/p>\n

You can find the Pwned Passwords code on GitHub<\/a> licensed under the BSD-3 Clause<\/a>. The open-sourcing process is still ongoing, and Hunt is asking people in the open source community to help HIBP develop an ingestion pipeline for contributors like the FBI.<\/p>\n

Source: Have I Been Pwned via ZDNet<\/a><\/small>\n<\/div>\n