User Tools

Site Tools


howtos:have_i_been_pwned

Validating Leaked Passwords with k-Anonymity

This is a simple bash script which takes your password, hash it and then do a ranged api lookup:

#!/bin/bash

IFS= read -rsp 'Password: ' password
echo
hash=$(printf %s "$password" | openssl sha1 | tr abcdef ABCDEF)
hash=${hash##* }
prefix=${hash:0:5}
suffix=${hash:5}
if
  curl -s "https://api.pwnedpasswords.com/range/$prefix" |
    grep "^$suffix" > /dev/null
then
  echo "Password breached."
  exit 1
else
  echo "Password not found in breached database."
  exit 0
fi

Install Hash Downloader

sudo snap refresh
sudo snap install haveibeenpwned-downloader

haveibeenpwned-downloader  --help
howtos/have_i_been_pwned.txt · Last modified: 18/08/2023 18:30 by domingo