Checks the haveibeenpwned.com compromised passwords database for a given hashed password without sending said credential across the wire.
- Install p7zip if you don't have it:
brew install p7zip
- Download large 7zip pwned passwords file (SHA-1; I downloaded by prevalence): https://haveibeenpwned.com/Passwords
- Extract pwned passwords file:
7z e pwned-passwords-sha1-ordered-by-count-v4.7z
- Get the SHA-1 hash of your password (it goes between the quotes) and make it uppercase:
echo -n "" | openssl sha1 | awk '{print toupper($NF)}'
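The steps above end with the uppercase hash. As an added example (not part of the original page), this sketch does the local lookup that hash is for. It assumes the extracted file holds one `HASH:COUNT` entry per line; the function names and the two-line sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Assumption: the extracted file holds one "HASH:COUNT" entry per line.

# sha1_upper: password on stdin -> uppercase SHA-1 hex digest on stdout.
sha1_upper() {
  if command -v openssl >/dev/null 2>&1; then
    # $NF is the last field, so "HASH" and "(stdin)= HASH" outputs both work.
    openssl sha1 | awk '{print toupper($NF)}'
  else
    sha1sum | awk '{print toupper($1)}'  # fallback where openssl is absent
  fi
}

# pwned_count FILE: password on stdin -> times seen in FILE (0 if absent).
# The password never appears in argv, so it stays out of `ps` output.
pwned_count() (
  file=$1
  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
  hash=$(sha1_upper)
  # The file is ordered by count, not by hash, so this is a linear scan;
  # -m 1 stops at the first hit and LC_ALL=C keeps it a byte comparison.
  line=$(LC_ALL=C grep -m 1 "^${hash}:" "$file" || true)
  if [ -n "$line" ]; then
    printf '%s\n' "${line#*:}" | tr -d '\r'  # tolerate CRLF line endings
  else
    echo 0
  fi
)

# make_sample FILE: write a tiny constructed stand-in for the real file.
# The hashes are SHA-1("123456") and SHA-1("password"); counts are made up.
make_sample() {
  printf '%s\r\n' \
    '7C4A8D09CA3762AF61E59520943DC26494F8941B:300' \
    '5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8:200' > "$1"
}

# Demo against the constructed sample (swap in the extracted file's path).
sample=$(mktemp)
make_sample "$sample"
printf '%s' 'password' | pwned_count "$sample"
printf '%s' 'correct horse battery staple' | pwned_count "$sample"
rm -f "$sample"
```

Feeding the password on stdin from a no-echo prompt, rather than typing it into an `echo` command, also keeps it out of shell history.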