Test for pwned password
Project description
passpwnedcheck Package
This is a simple wrapper for Pwned Passwords API. It uses k-anonymity to securely check if your password has been leaked without actually sending your password to Pwned Passwords API.
Also, please check my blog post below for more information.
https://duongnt.com/leaked-password
Install
You can install passpwnedcheck using pip, just run the following command in the command line.
C:\> pip install passpwnedcheck
Usage
Blocking call
from passpwnedcheck.pass_checker import PassChecker
pass_checker = PassChecker()
password = 'Password'
is_leaked, count = pass_checker.is_password_compromised(password)
if is_leaked:
print(f'Your password has been leaked {count} times')
else:
print('Your password has not been leaked (yet)')
Alternatively, you can run pass_checker.py script from the command line, make sure to install the package via pip first.
C:\> python pass_checker.py password
Your password has been compromised xxxxxxx time(s)
Non-blocking call
from passpwnedcheck.pass_checker_async import PassCheckerAsync
# session = <Code to create an assyncio.session object>
pass_checker = PassCheckerAsync(session)
passwords = 'Password'
is_leaked, count = await pass_checker.is_password_compromised(password)
if is_leaked:
print(f'Your password has been leaked {count} times')
else:
print('Your password has not been leaked (yet)')
It's also possible to check multiple passwords at once. To reduce the load on Pwned Passwords API, we send requests in batches. The size of each batch is customizable, with 10 as the default.
# session = <Code to create an assyncio.session object>
pass_checker = PassCheckerAsync(session)
passwords = ['Password1', 'Password2', 'Password3', 'Password4']
results = await PassCheckerAsync.is_passwords_compromised(passwords)
print(results)
Results are stored in a dictionary, with each password as key.
{
'Password1': xxxxxxx,
'Password2': xxxxxxx,
'Password3': xxxxxxx,
'Password4': xxxxxxx
}
If you don't need to reuse the session then you can use the SessionManager
helper class, which is included with this library. Just wrap the code above inside a with
statement.
from passpwnedcheck.session_manager import SessionManager
async with SessionManager() as manager:
pass_checker = PassCheckerAsync(manager.get_session())
is_leaked, count = await pass_checker.is_password_compromised('Password')
You can also choose to increase/decrease the batch size when checking multiple passwords at once, but make sure that the number of concurrent requests is kept at a reasonable level.
passwords = ['Password1', 'Password2', 'Password3', 'Password4',...]
# Send requests to Pwned Passwords API in batch of five
results = await PassCheckerAsync.is_passwords_compromised(passwords=passwords, batch_size=5)
About k-anonymity
We utilize a mathematical property known as k-Anonymity and apply it to password hashes in the form of range queries. As such, the Pwned Passwords API service never gains enough information about a non-breached password hash to be able to breach it later.
Suppose a user enters the password test into a login form and the service they are logging into is programmed to validate whether their password is in a database of leaked password hashes. Firstly the client will generate a hash (in our example using SHA-1) of a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. The client will then truncate the hash to a predetermined number of characters (for example, 5) resulting in a Hash Prefix of a94a8. This Hash Prefix is then used to query the remote database for all hashes starting with that prefix. The entire hash list is then downloaded and each downloaded hash is then compared to see if any match the locally generated hash. If so, the password is known to have been leaked.
License
MIT License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for passpwnedcheck-2.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | fed20b81112080fa07e2f2762d1e29d3fd6a0aa11a2f5591670e2591ff9a703b |
|
MD5 | 579cacdd7aad5cf9a0e65c2647aa95bf |
|
BLAKE2b-256 | 140df0b2eb4bf735305d1a888f007d3fb4d17ff577f9fecb1e4d5b004e4bcfdd |