syst_disallowed_passwords


Description

A list of hashed passwords which are disallowed for use in the system when the password rule to disallow common/known compromised passwords is enabled. Currently the expectation is that common passwords will be stored as SHA1 hashes.

Columns

| Column | Type | Size | Nulls | Auto | Default | Children | Parents | Comments |
|---|---|---|---|---|---|---|---|---|
| password_hash | bytea | 2147483647 | | | null | | | The SHA1 hash of the disallowed password. The reason for using SHA1 here is that it is compatible with the “Have I Been Pwned” data and API products. We also get some reasonable obscuring of possibly private data. |
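
The following is an added example, not the project's own code: it loads hashes in the Have I Been Pwned download line form (`HEXSHA1:count`) into `password_hash` as raw 20-byte values and then checks a candidate password against the table. It assumes the `pgcrypto` extension is available for `digest()`, that the password rule compares the SHA1 of the password's UTF-8 bytes, and that the table is reachable unqualified on the search path; the staging table `tmp_hibp_lines` is a hypothetical name.

```sql
-- Added example. Assumes pgcrypto is available; it provides digest().
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Hypothetical staging table holding lines in "HEXSHA1:count" form.
CREATE TEMP TABLE tmp_hibp_lines (line text);

-- Constructed sample input: SHA1 of 'password' and '123456' with made-up
-- counts, one duplicate, and one malformed line that must be rejected.
INSERT INTO tmp_hibp_lines (line) VALUES
    ('5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8:100'),
    ('7C4A8D09CA3762AF61E59520943DC26494F8941B:200'),
    ('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8:100'),
    ('not-a-hash:1');

-- Keep only well-formed 40-hex-digit values, decode them to the 20 raw
-- bytes stored in password_hash, and let the primary key absorb duplicates
-- (hex case differences decode to the same bytes).
INSERT INTO syst_disallowed_passwords (password_hash)
SELECT decode(split_part(line, ':', 1), 'hex')
FROM tmp_hibp_lines
WHERE split_part(line, ':', 1) ~ '^[0-9A-Fa-f]{40}$'
ON CONFLICT (password_hash) DO NOTHING;

-- Sanity check: every stored value should be exactly 20 bytes long.
SELECT count(*) AS wrong_length_rows
FROM syst_disallowed_passwords
WHERE octet_length(password_hash) <> 20;

-- Lookup for a candidate password. In application code pass the password
-- as a bound parameter instead of a literal so it stays out of query logs.
SELECT EXISTS (
    SELECT 1
    FROM syst_disallowed_passwords
    WHERE password_hash = digest(convert_to('password', 'UTF8'), 'sha1')
) AS is_disallowed;
```

Because the column is the primary key, the lookup is a single index probe on the 20-byte hash.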

Indexes

| Constraint Name | Type | Sort | Column(s) |
|---|---|---|---|
| syst_disallowed_passwords_pkey | Primary key | Asc | password_hash |

Relationships