I think the totalPasswords integer is calculated wrongly. Its currently calculated as
// Get total passwords by dividing by SHA length + 2 - 1
int totalPasswords = (bytes / 42) - 1;
Makes sense, hashes are formatted like this.
000000005AD76BD555C1D6D771DE417A4B87E4B4:4 (first hash in SHA1 V5 ordered by hash HIBP dataset)
So i'm guessing the "+2" are for the ':' and the x amount of times a password has been seen.
Herein lies the problem however, many hashes also have a 'x' > 9.
For example
00000000DD7F2A1C68A35673713783CA390C9E93:630 (third hash in SHA1 V5 ordered by hash HIBP dataset)
Over the many millions of passwords, this adds up quite quickly. According to the PwnedPasswordsDLL, there are 578 million passwords in the dataset, whilst there are only 551 million.
Im not sure yet what problems this could cause, but unlikely to be desirable.
I think the totalPasswords integer is calculated wrongly. Its currently calculated as
// Get total passwords by dividing by SHA length + 2 - 1int totalPasswords = (bytes / 42) - 1;Makes sense, hashes are formatted like this.
000000005AD76BD555C1D6D771DE417A4B87E4B4:4 (first hash in SHA1 V5 ordered by hash HIBP dataset)
So i'm guessing the "+2" are for the ':' and the x amount of times a password has been seen.
Herein lies the problem however, many hashes also have a 'x' > 9.
For example
00000000DD7F2A1C68A35673713783CA390C9E93:630 (third hash in SHA1 V5 ordered by hash HIBP dataset)
Over the many millions of passwords, this adds up quite quickly. According to the PwnedPasswordsDLL, there are 578 million passwords in the dataset, whilst there are only 551 million.
Im not sure yet what problems this could cause, but unlikely to be desirable.