A list of hashed passwords which are disallowed for use in the system when the password rule to disallow common/known compromised passwords is enabled. Currently the expectation is that common passwords will be stored as sha1 hashes.
The SHA1 hash of the disallowed password. The reason for using SHA1 here is that it is compatible with the “Have I Been Pwned” data and API products. We also get some reasonable obscuring of possibly private data.