passwnd
Check for breached passwords with k-anonymity
Usage
To get prompted to enter the password securely, simply run:
passwnd.py
Alternatively, you can specify the password directly:
passwnd.py <password>
The latter is not recommended, as it might leak the password to the shell history.
Usage (Windows)
Simply double-click passwnd.exe
or use it in a terminal like above.
Obtaining
You can get the latest release from here.
For ease-of-use, passwnd.exe
is provided for Windows users, which comes with embedded Python.
You can download either the passwnd.py
or passwnd.exe
directly, or choose a packaged version which includes additional files.
How it works
- The password will be hashed with SHA1 and turned to human-readable hex (ASCII)
- That hex will be trimmed to just the first 5 characters
- That trimmed result will be submitted to the pwnedpasswords.com database
- pwnedpasswords.com will return all hashes that begin with that trim
- We download all returned hashes, and perform a full search locally
This way, we can check if a password was breached, without revealing said password. While simultaneously only requiring to download a few kB of data instead of GB.
Coffee
Please consider donating a coffee if this tool is useful to you. (: