Skip to main content

Client for HIBP passwords api using K-Anonymity method

Project description

pywnedPasswords

Build Status

This script uses the pwnedpasswords.com v2 api to check your password in a secure way (using the K-anonymity method)

The full Hash is never transmitted over the wire, only the first 5 characters. The comparison happens offline.

Special thanks to Troy Hunt (@troyhunt) for making this script possible.

Installation

pip install pywnedpasswords

Usage

Interactive

pywnedpasswords

Insert your password when asked.

the output will either be:

Password to check:

Found your password 47205 times.

or in case your password is secure

Password to check:

Your password did not appear in PwnedPasswords yet.

Passing the password as a command line argument

Discouraged - as it might leaves the password in your shell history

pywnedpasswords Passw0rd

Found your password 46980 times.

Piping the password

Discouraged - as it might leaves the password in your shell history

echo -n 'Passw0rd!' | pywnedpasswords 

Found your password 46980 times.

Reading passwords from a file

pywnedpasswords -f list-of-passwords.txt

Result is in the form: <line number>: <number of time the password was found>. 0 meaning the password is not known from Have I Been Pwned yet.

0: 7026
1: 45337
2: 376
3: 51
4: 27
5: 11
6: 136
7: 1
8: 6
9: 1
10: 0
11: 0
12: 0

Exit code

The pywnedpasswords exits with code 2 if the password is know of Have I Been Pwned already, and exit code 0 otherwise.

© xmatthias 2018

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pywnedpasswords-0.65.tar.gz (4.0 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page