Function check_password_exposed

pub(super) async fn check_password_exposed(
    http_client: &Client,
    password: &str,
    hibp_base_url: &str,
) -> Result<u32, CipherRiskError>

Check password exposure via the HIBP API using the k-anonymity model.

Implements k-anonymity to ensure privacy:

  1. Hash the password with SHA-1
  2. Send only the first 5 characters of the hash to the HIBP API
  3. The API returns all hash suffixes matching that prefix
  4. Check locally whether the full hash exists in the results

This ensures the actual password never leaves the client. Returns the number of times the password appears in the HIBP database (0 if not found).