Checks the haveibeenpwned.com compromised passwords database for a given hashed password without sending said credential across the wire.
- Install p7zip if you don't have it:
brew install p7zip
- Download large 7zip pwned passwords file (SHA-1; I downloaded by prevalence): https://haveibeenpwned.com/Passwords
- Extract pwned passwords file:
7z e pwned-passwords-sha1-ordered-by-count-v4.7z
- Get the SHA-1 hash of your password in uppercase (some OpenSSL versions prefix the digest with "(stdin)= ", so keep only the last field):
printf '%s' "<password>" | openssl sha1 | awk '{print toupper($NF)}'
- Timed search for compromised password (mine took ~9 minutes when no result):
time sed -n -e '/<hashed password>/{=;x;1!p;g;$!N;p;D;}' -e h pwned-passwords-sha1-ordered-by-count-v4.txt
(Prints the line number of the match, then the line before it, the matching line, and the line after it. See https://linuxconfig.org/learning-linux-commands-sed for other output options.)
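
The hash-and-search steps above as one script, added here as an example (not the original author's code): it reads the password with terminal echo off and stops at the first match instead of scanning the whole file. The names sha1_upper, pwned_count and check_pwned.sh are hypothetical, and it assumes the extracted file holds one HASH:COUNT entry per line.

```shell
#!/bin/sh
# Added example: offline lookup against the extracted HIBP SHA-1 list.
# Assumes each line is "<UPPERCASE SHA-1>:<count>", optionally CRLF-terminated.

# Print the uppercase SHA-1 of $1. printf is a shell builtin, so the
# password is never exposed as a process argument.
sha1_upper() {
    if command -v openssl >/dev/null 2>&1; then
        printf '%s' "$1" | openssl sha1      # "<hex>" or "...(stdin)= <hex>"
    elif command -v sha1sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha1sum           # "<hex>  -"
    else
        printf '%s' "$1" | shasum -a 1       # "<hex>  -"
    fi | awk '{ print toupper($NF == "-" ? $1 : $NF) }'
}

# Print how many times password $2 appears in list file $1 (0 if absent).
# The subshell body keeps the variables local to the function.
pwned_count() (
    hash=$(sha1_upper "$2")
    # Anchor on "^HASH:" and stop at the first hit (-m 1); the hash is
    # plain hex, so it is safe inside the pattern. LC_ALL=C speeds grep up.
    count=$(LC_ALL=C grep -m 1 "^${hash}:" "$1" | cut -d: -f2 | tr -d '\r')
    echo "${count:-0}"
)

# Usage: sh check_pwned.sh pwned-passwords-sha1-ordered-by-count-v4.txt
# The password is read with terminal echo off, so it stays out of shell
# history, unlike a password typed on the command line.
if [ "$#" -ge 1 ]; then
    printf 'Password: ' >&2
    trap 'stty echo' EXIT INT
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    echo "Seen $(pwned_count "$1" "$pw") times in $1"
    unset pw
fi
```

Because the by-count file lists the most common passwords first, a hit on a widely used password returns almost immediately; only a miss costs a full pass over the file.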