@donlampert
Last active January 27, 2023 19:37
Check for compromised passwords outside of haveibeenpwned.com search/api

pwned password check

Checks the haveibeenpwned.com compromised passwords database for a given hashed password without sending said credential across the wire.

Get Password Data

  1. Install p7zip if you don't have it: brew install p7zip
  2. Download large 7zip pwned passwords file (SHA-1; I downloaded by prevalence): https://haveibeenpwned.com/Passwords
  3. Extract pwned passwords file: 7z e pwned-passwords-sha1-ordered-by-count-v4.7z

Search Password Data

  1. Get the SHA-1 hash of your password and make it uppercase (the `$NF` field keeps only the hex digest, dropping the `(stdin)=` label openssl prints): echo -n "<password>" | openssl sha1 | awk '{print toupper($NF)}'
  2. Timed search for the compromised password (mine took ~9 minutes when there was no result): time sed -n -e '/<hashed password>/{=;x;1!p;g;$!N;p;D;}' -e h pwned-passwords-sha1-ordered-by-count-v4.txt (prints the line number of the match plus the lines before and after it; see https://linuxconfig.org/learning-linux-commands-sed for other output options)
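The two steps above as one script, added here as an example rather than code from the gist. It assumes the extracted file keeps the `HASH:COUNT` line layout with CRLF line endings and uppercase hex digests, and that the local `grep` supports `-m` (GNU and BSD do; it is not POSIX). The `sha1_upper`, `pwned_count`, `prompt_and_check` and `make_sample_file` names are the example's own. The sample file it builds is a constructed two-line excerpt; the breach counts in it are made up. Because the v4 file is ordered by prevalence rather than by hash, a linear scan is unavoidable, but `grep -m 1` stops at the first hit instead of reading to the end as the `sed` one-liner does, and reading the password from a silent prompt keeps it out of shell history and `ps` output, which `echo -n "<password>"` on the command line does not.

```shell
#!/bin/sh
# Added example (not from the gist): offline lookup against an extracted
# pwned-passwords SHA-1 file. Assumes the file's "HASH:COUNT" line layout
# (CRLF line endings), uppercase hex hashes, and that grep supports -m.

# Uppercase hex SHA-1 of $1. Uses openssl like the gist, falling back to
# sha1sum/shasum; printf avoids echo's newline and escape-handling quirks.
sha1_upper() {
    if command -v openssl >/dev/null 2>&1; then
        printf '%s' "$1" | openssl dgst -sha1 -r | cut -d' ' -f1
    elif command -v sha1sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha1sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 1 | cut -d' ' -f1
    fi | tr 'a-f' 'A-F'
}

# Breach count for hash $2 in file $1; prints 0 when the hash is absent.
# The file is ordered by count, not by hash, so a linear scan is unavoidable;
# -m 1 at least stops at the first hit. tr strips the file's CR line endings.
pwned_count() {
    file=$1
    hash=$2
    line=$(grep -m 1 "^${hash}:" "$file" || true)
    if [ -z "$line" ]; then
        echo 0
    else
        printf '%s\n' "${line#*:}" | tr -d '\r'
    fi
}

# Prompt for the password with terminal echo off, so it never lands in shell
# history or ps output the way `echo -n "<password>"` on the command line does.
prompt_and_check() {
    file=$1
    printf 'Password to check: '
    stty -echo 2>/dev/null || true
    read -r pw
    stty echo 2>/dev/null || true
    echo
    count=$(pwned_count "$file" "$(sha1_upper "$pw")")
    unset pw
    if [ "$count" -gt 0 ]; then
        echo "Found in $count breaches; do not use it."
        return 1
    fi
    echo "Not found in the local dataset."
}

# Constructed two-line excerpt in the real file's layout; the counts are made up.
# The hashes are SHA-1("password") and SHA-1("abc").
make_sample_file() {
    f=$(mktemp)
    printf '%s:%s\r\n' \
        5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8 3730471 \
        A9993E364706816ABA3E25717850C26C9CD0D89D 42 > "$f"
    printf '%s\n' "$f"
}

# Usage: prompt_and_check pwned-passwords-sha1-ordered-by-count-v4.txt
```

Run `prompt_and_check` against the extracted v4 file to check a password interactively; `pwned_count FILE HASH` does the lookup alone when the hash was computed elsewhere.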