Email is case sensitive #976
Comments
Good catch, and thanks for filing. This is a limitation of our hash range query API design with Have I Been Pwned. (Because hash functions are case-sensitive.) We've discussed fixing some of this by querying for some common case variants - e.g., Some.Email@gmail.com, some.email@gmail.com, SOME.EMAIL@GMAIL.COM, etc. But ultimately, the properties of the hash range query severely limit what we can do here.
I think it would be great to:
Initial monitor was showing my e-mail as having multiple leaks in the past, while logging in now is showing 0 -- curious why this is. I was asked over Slack to comment here stating my own findings as well.
Note: when we scan from the home page, we lowercase the user input. When we scan a user's FxA email address, we don't. That will account for the discrepancy here. It looks as though Troy normalizes email addresses to lowercase when he loads them into HIBP, so we should make this consistent, and lowercase our scans for FxA and the added email addresses too.
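An added illustration of the discrepancy described in the comment above (not code from the Firefox Monitor project or from HIBP): a constructed in-memory range server that stores hashes of lowercased addresses, queried once with the address as typed and once lowercased. SHA-1, the 6-character prefix, and the names `RangeServer` and `is_breached` are assumptions; the thread states none of them.

```python
import hashlib

PREFIX_LEN = 6  # assumed prefix length; not stated in the thread


def sha1_hex(email: str) -> str:
    """Hash the address exactly as given; hashing is case-sensitive."""
    return hashlib.sha1(email.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Constructed stand-in for a hash range API.

    Addresses are lowercased when loaded, as the thread says HIBP does.
    The server only ever receives a hash prefix, so it cannot case-fold
    the address on the client's behalf.
    """

    def __init__(self, breached_emails):
        self.by_prefix = {}
        self.seen = []  # prefixes received, to show what the server learns
        for email in breached_emails:
            digest = sha1_hex(email.lower())
            self.by_prefix.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])

    def query(self, prefix: str) -> set:
        self.seen.append(prefix)
        return self.by_prefix.get(prefix, set())


def is_breached(server: RangeServer, email: str, normalize: bool) -> bool:
    """Client side: hash locally, send the prefix, match the suffix locally."""
    candidate = email.lower() if normalize else email
    digest = sha1_hex(candidate)
    return digest[PREFIX_LEN:] in server.query(digest[:PREFIX_LEN])


if __name__ == "__main__":
    # Constructed breach set holding the lowercase form of the reporter's address
    server = RangeServer(["some.email@gmail.com"])
    as_registered = "sOmE.eMaiL@gmail.com"
    print("account-email scan, not lowercased:", is_breached(server, as_registered, False))
    print("home-page scan, lowercased:        ", is_breached(server, as_registered, True))
    print("prefixes the server saw:", server.seen)
```
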
Just saw this again - I would've been notified about a breach if I hadn't capitalized the email address when signing up for Firefox Sync.
Yup, we're working on fixing the capitalization issue across the site ... #1188 (review)
for #976: tweaks to log and exit lower-casing script
This should be fixed and deployed now!
Confirmed 🎉
I registered a Firefox Account with sOmE.eMaiL@gmail.com. When I open Firefox Monitor it shows no security breaches, and when I manually do a check for some.email@gmail.com - it shows some breaches.