Queries a local instance of Troy Hunt's Pwned Passwords database. (Port of https://github.com/tylerchr/pwnedpass)
pwnedpasswords tool
This code enables efficient querying of the Pwned Passwords database without connecting to an external web service. It is primarily a Python port of pwnedpass. This version uses the full 32-bit integer for each pwned count, and the searching code is written in Python instead of Go since I need to use it in a Flask web application.
This includes both a tool to convert the pwned passwords data dump txt file to a binary database format, and a library/CLI program to query that database. You can install it using pip:
pip install pwnedpass
Binary file conversion tool
If you'd rather not go to the hassle of running this, you can download a copy of the .bin file off my site.
First download the latest Pwned Passwords SHA-1 file from here: https://haveibeenpwned.com/Passwords. Pick the one that's ordered by hash.
$ 7z e -so pwned-passwords-sha1-ordered-by-hash-v8.7z pwned-passwords-sha1-ordered-by-hash-v8.txt | python -m pwnedpass.rewrite - pwned-passwords-v8.bin
Reserving space for the index segment...
Writing data segment...
Writing index segment...
OK
(If necessary, this procedure can be done from within Python, using pwnedpass.rewrite(in_file, out_file).)
The SHA-256 hash of the output file should be 0a6c80edf2b542bfa7a2d650c10228b5abc8aead69b6985e145ed3c7f30b1b63.
Testing the binary file
Assuming you did use v8 of the Pwned Passwords file, you can test that the output file was generated correctly by running ./test.py <path to the binary file>.
Search tool
The querying can be done via a CLI script or from within Python code.
CLI
$ pwnedpass pwned-passwords-v8.bin 9e7c97801cb4cce87b6c02f98291a6420e6400ad
10664
$ echo $?
2
$ pwnedpass pwned-passwords-v8.bin 4e0ff63499ff9931ec2980c6a71d63cab4f94f99
0
$ echo $?
0
$ pwnedpass pwned-passwords-v8.bin
Password:
6753
Where pwned-passwords-v8.bin is the output of the rewrite tool.
- For compromised password hashes, output the number of times the password was compromised, and exit unsuccessfully with a status code != 1 (2 in the example above).
- For non-compromised password hashes, output 0, and exit successfully.
As a library
import hashlib
import pwnedpass

# read_password_from_web_form, salt_and_hash_password and save_to_database
# are placeholders for your application's own functions.
def change_password():
    user_password = read_password_from_web_form()
    # SHA-1 is used here only to look the password up in the database.
    with open('pwned-passwords-v8.bin', 'rb') as f:
        count = pwnedpass.search(f, hashlib.sha1(user_password.encode()).digest())
    if count:
        return f'Please use a different password. This one has been compromised {count} times.'
    # DO NOT USE the sha1 digest in your user database. SHA1 should *only* be used for checking if it's compromised.
    password_hash = salt_and_hash_password(user_password)
    save_to_database(password_hash)
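The idea behind querying a sorted binary file, as an added example that is not this project's code: the "HASH:COUNT" lines of the ordered-by-hash dump are packed into fixed-width records and looked up by binary search with file seeks. The record layout (20-byte digest plus a 32-bit big-endian count, with no index segment) and the names build_db, lookup and sample_db are assumptions made for illustration, and the sample counts are constructed.

```python
import hashlib
import io
import struct

# Assumed layout (not the project's real format): 20-byte SHA-1 + 32-bit count.
RECORD = struct.Struct(">20sI")


def build_db(dump_lines, out):
    """Pack 'HEXSHA1:COUNT' lines, already ordered by hash, into fixed-width records."""
    previous = b""
    for line in dump_lines:
        hex_digest, _, count = line.strip().partition(":")
        digest = bytes.fromhex(hex_digest)
        if len(digest) != 20 or digest <= previous:
            raise ValueError("input must be unique SHA-1 hashes ordered by hash")
        # Clamp so an oversized count cannot overflow the 32-bit field.
        out.write(RECORD.pack(digest, min(int(count), 0xFFFFFFFF)))
        previous = digest


def lookup(db, digest):
    """Binary-search a seekable record file; return the count, or 0 if absent."""
    if len(digest) != 20:
        raise ValueError("expected a raw 20-byte SHA-1 digest, not hex")
    db.seek(0, io.SEEK_END)
    lo, hi = 0, db.tell() // RECORD.size
    while lo < hi:
        mid = (lo + hi) // 2
        db.seek(mid * RECORD.size)
        found, count = RECORD.unpack(db.read(RECORD.size))
        if found == digest:
            return count
        if found < digest:
            lo = mid + 1
        else:
            hi = mid
    return 0


def sample_db():
    """Constructed sample: three passwords with made-up counts, sorted by hash."""
    counts = {"password": 7, "123456": 42, "letmein": 3}
    rows = sorted((hashlib.sha1(p.encode()).hexdigest().upper(), n) for p, n in counts.items())
    db = io.BytesIO()
    build_db((f"{h}:{n}" for h, n in rows), db)
    return db
```

Each lookup reads about log2(N) records, so the file never has to be loaded into memory.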
License
BSD 3-clause, per the original. See LICENSE for details.