jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-07-23 17:27:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

supervisor-pwned (#16730)

Browse Source 
Co-authored-by: Fabian Affolter <mail@fabian-affolter.ch>
Co-authored-by: Franck Nijhof <git@frenck.dev>
This commit is contained in:
Pascal Vizeli 2021-02-26 14:50:16 +01:00 committed by GitHub
parent 434af1332d
commit 93e7236b24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source/more-info/pwned-passwords.markdown Normal file
View File

@ -0,0 +1,14 @@
---
title: "Pwned passwords and secrets"
description: "More information on detected pwned secrets in Home Assistant."
---
We are using the [Have I Been Pwned (HIBP)](https://haveibeenpwned.com/Passwords) service for detecting leaked or compromised secrets, like passwords.
If you get a warning about it, it means that you are using secrets in your configuration which have been leaked and are publicly known. It is strongly advised to change these secrets with a more secure alternative as soon as possible.
Please note; this feature does not send out your secrets to check this. Your secrets and privacy is guaranteed by a [K-Anonymity][k-anonymity]. Your secrets are hashed, the first 5 characters of the hash result are used to query Have I Been Pwned. Have I Been Pwned returns the results of possible password hashes that match, we check the last part of the password hash against this list locally.
[Read more about K-Anonymity on this CloudFlare blog post][k-anonymity].
[k-anonymity]: https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/