Project description

PwnedPwd

Have my passwords been compromised?

Project page
https://github.com/ratoaq2/pwnedpwd

Info

PwnedPwd is a tiny CLI tool which uses the online service Pwned Passwords to check whether a given password have been compromised in known data breaches. Credits to Troy Hunt for hosting such service.

How it works?

Given the input password, this tool will

hash it using SHA-1 algorithm, resulting in a 40-characters hexadecimal string
Use the first 5 characters from the generated string to query the online service
The online service returns a list of all matching hashes for the given prefix
Verify if your SHA-1 hash is present in the response

For instance, given an input password P@ssword

SHA-1 hash is 9E7C97801CB4CCE87B6C02F98291A6420E6400AD
The first 5 characters are 9E7C9
We query the online service using GET https://api.pwnedpasswords.com/range/9E7C9

The online service returns a list of all matching hashes (777 hashes for this example):

...
77B1EE4BF1B49FEB288C7FC65EE604C0C54:24
780087028CF36AF6A5A1DCF096748FB7090:10
7801CB4CCE87B6C02F98291A6420E6400AD:10848
782545129CEA7F3BD1A076F25B94C064CFE:3
788872DE964354319100FCE0EF4DEA00311:4
...

We verify that 7801CB4CCE87B6C02F98291A6420E6400AD is present and have 10848 occurrences in data breaches

About Pwned Passwords

Extracted from their website:

Pwned Passwords are more than half a billion passwords which have previously been exposed in data breaches. The service is detailed in the launch blog post then further expanded on with the release of version 2. The entire data set is both downloadable and searchable online via the Pwned Passwords page. In order to protect the value of the source password being searched for, Pwned Passwords also implements a k-Anonymity model that allows a password to be searched for by partial hash.

Detailed information can be found

Installation

$ [sudo] pip install pwnedpwd

Usage

$ pwnedpwd
Password: ******
[GOOD] Password is not present in any known data breach. (source https://haveibeenpwned.com/Passwords)

$ pwnedpwd
Password: 12345
[BAD] Password appeared 2570791 times in data breaches. (source https://haveibeenpwned.com/Passwords)

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.1.0

Feb 1, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pwnedpwd-0.1.0.tar.gz (4.2 kB view hashes)

Uploaded Feb 1, 2023 Source

Built Distribution

pwnedpwd-0.1.0-py3-none-any.whl (4.2 kB view hashes)

Uploaded Feb 1, 2023 Python 3

Hashes for pwnedpwd-0.1.0.tar.gz

Hashes for pwnedpwd-0.1.0.tar.gz
Algorithm	Hash digest
SHA256	`03e7bbe7aadc79e6b15f405a77dfc8c755e21439941c286362671851a4838da5`
MD5	`2bbf6989710e6e9d86266721149314f6`
BLAKE2b-256	`4d7e69df28b975142d1ddb62477e89e2fbd6a3517510157fb4ec595f676e0e0f`

Hashes for pwnedpwd-0.1.0-py3-none-any.whl

Hashes for pwnedpwd-0.1.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`c34a8fe056004326c12b2cf643a178b7a4f1b98f4307df2763a3c1dc48d34e7f`
MD5	`21052769ca1a12e835d631610a618868`
BLAKE2b-256	`09377b93eef41a48d024fecc0a7217fcb95b94dcb5fab27d0df0ebd6c38dd9eb`