password: pwned password distance
Currently we check only exact matches for pawned password. It might be more reasonable to calculate some string distance instead. e.g.
jellyfish.jaro_distance("12345", "12346")
0.8666666666666667
Probably it would be wise to propagate only if ratio is > X (e.g. 0.5).
The API would need to change here as well.
{
"result": false,
"list": "haas",
"count": 9999
}
to
{
"result": false,
"pwned": [
{"list": "haas", "password": "12345", "count": 9999, "ratio": 0.867}
]
}