Troy Hunt, creator of Have I Been Pwned as well as a Microsoft Regional Director and MVP, had already pre-announced last year the intention to make open

The information security expert recently shared several important pieces of news related to Have I Been Pwned.

The first is that the project has now actually started its transition to open source, with the support of the .NET Foundation, an independent, non-profit organisation founded in 2014 to support an innovative, commercially ‘friendly’ and open source ecosystem around the

Making Have I Been Pwned open source was not an easy or trivial task, Troy Hunt explained, but he was convinced that it was the right thing to do for the longevity of the project.

There are many reasons that make it difficult to take something that has been managed as a personal project for years and move it into the public domain.

Some experience is needed in managing an open source project, knowing how to establish the license model, coordinating where the community should invest its efforts, taking contributions, redesigning the release process and more.

And that’s where the .NET Foundation came in.

After he announced the intention to move to open source, Troy Hunt's account continues, the executive director of the .NET Foundation, Claire Novotny, contacted him and offered him the support of the foundation, thus starting the transition to the new course.

The .NET Foundation's support for the open source conversion is useful given the project's characteristics, and the work began with Pwned Passwords for a number of reasons, including technical ones, Hunt underlined.

Pwned Passwords has a very simple code base consisting of Azure Storage, a single Azure Function and a Cloudflare Worker. It has its own domain, its own Cloudflare account and its own Azure services, so it can easily be made open source independently of the rest of Have I Been Pwned.

In addition, it is entirely non-commercial, without the API costs or enterprise services of other parts of Have I Been Pwned, and the data underlying Pwned Passwords is already freely available in the public domain through downloadable hash sets.

For these reasons, migrating Pwned Passwords to open source was in many ways a simple… lift and shift.

In addition, Pwned Passwords is now an important part of many online services and this move ensures that anyone can run their own instance of Pwned Passwords if they want.

But what Pwned Passwords really needs to be successful, Troy Hunt then stressed, is new passwords as they are compromised. And this is where the second important piece of news comes in, which concerns the FBI.

The FBI and Troy Hunt began discussing the possibility that the US government agency could provide a feed of compromised passwords to Have I Been Pwned and surface them through the Pwned Passwords feature.

The common goal of the FBI and the founder of the site is to protect people from account takeovers by proactively warning them when their password has been compromised.

Integrating these passwords into Have I Been Pwned gives the FBI the opportunity to do so almost a billion times a month, said Troy Hunt.
