
Discussion on: Validate your passwords using Elixir and haveibeenpwned.com's API

Janne "Lietu" Enberg

A couple of quick comments:

You keep claiming the "hash" function returns only the first 5 characters of the hash, which it does not, and should not, or the thing wouldn't work.

It seems quite pointless to go through a transformation of a clear list into an inefficient format. It's something I see pretty regularly and it confuses me why not do the matching when looping through the result the first time, so e.g.

  1. Split into lines with \r\n like you already do
  2. Filter into lines whose start matches the hash tail
  3. Split the results (at most one) with the :
  4. Return the number after the : or nil

?

Ilija Eftimov Author

That's actually a very solid point. It's probably a trap of some sort where the author wants to make the article a bit more interesting for the reader which backfires. Both of your points are correct - the wording should be fixed and the general algorithm should be simplified, which I will do ASAP. Thanks for reading & the feedback!

Janne "Lietu" Enberg

Actually there's a small problem with the solution I suggested as well - technically two different passwords may end up with the same SHA1 hash result, so in the last step you should return a sum of them :)
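
The single-pass lookup described in this thread (split on `\r\n`, filter on the hash tail, split on `:`, return the count or nil, summing matches as the follow-up suggests), written out as an added example; it is not code from the article or from any commenter. The module name `PwnedLookup`, its function names and the sample response body are assumptions constructed for illustration.

```elixir
defmodule PwnedLookup do
  @moduledoc "Added example: single-pass lookup in a range response body."

  # Full uppercase SHA-1 hex digest, split into the 5-character prefix that is
  # sent to the API and the 35-character tail that is only matched locally.
  def split_hash(password) do
    :crypto.hash(:sha, password)
    |> Base.encode16()
    |> String.split_at(5)
  end

  # body: response text made of "TAIL:COUNT" lines separated by \r\n.
  # Returns the summed count for the given tail, or nil when no line matches.
  def count_in(body, tail) do
    body
    |> String.split("\r\n", trim: true)
    |> Enum.filter(&String.starts_with?(&1, tail <> ":"))
    |> Enum.map(fn line ->
      [_tail, count] = String.split(line, ":", parts: 2)
      count |> String.trim() |> String.to_integer()
    end)
    |> case do
      [] -> nil
      counts -> Enum.sum(counts)
    end
  end
end

# Constructed sample response: two placeholder tails plus the tail computed
# from the sample password, so the lookup has something to find.
{prefix, tail} = PwnedLookup.split_hash("password")

body =
  "#{String.duplicate("A", 35)}:1\r\n" <>
    "#{String.duplicate("B", 35)}:2\r\n" <>
    "#{tail}:12345\r\n"

IO.inspect(prefix, label: "prefix sent to the API")
IO.inspect(PwnedLookup.count_in(body, tail), label: "times seen")
IO.inspect(PwnedLookup.count_in(body, String.duplicate("0", 35)), label: "unseen tail")
```

Only `prefix` ever leaves the machine; the full hash and the tail comparison stay local, which is why the hash function has to return the whole digest.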