Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Check Passwords Against BreechList Fast
import sha1 from "sha1";
import axios from "axios";
const BREECH_TOLERENCE = 100;
isBreeched = password => {
const pwSha1 = sha1(password).toUpperCase();
const salt = pwSha1.slice(0, 5);
const pepper = pwSha1.slice(5);
return axios
.get(`https://api.pwnedpasswords.com/range/${salt}`)
.then(response => {
const hashes = response.data;
var re = new RegExp(`${pepper}\\:(\\d*)`, "gm");
const regArr = re.exec(hashes);
console.log(regArr);
if (regArr && regArr.length > 0) {
const freq = parseInt(regArr[1], 10);
if (freq > BREECH_TOLERENCE) return true;
}
return false;
})
.catch(err => {
// we don't want a bad connection to breech list ruin or reg
console.error(
"Unable to check breech list for password. Please be sure to use a strong and secure password.",
err
);
return true;
});
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment