Check for breached passwords with k-anonymity
To get prompted to enter the password securely, simply run:
passwnd.py
Alternatively, you can specify the password directly:
passwnd.py <password>
The latter is not recommended, as it might leak the password to the shell history.
Simply double-click passwnd.exe or use it in a terminal like above.
You can get the latest release from here.
For ease-of-use, passwnd.exe is provided for Windows users, which comes with embedded Python.
You can download either the passwnd.py or passwnd.exe directly, or choose a packaged version which includes additional files.
- The password will be hashed with SHA1 and turned to human-readable hex (ASCII)
- That hex will be trimmed to just the first 5 characters
- That trimmed result will be submitted to the pwnedpasswords.com database
- pwnedpasswords.com will return all hashes that begin with that trim
- We download all returned hashes, and perform a full search locally
This way, we can check if a password was breached, without revealing said password. While simultaneously only requiring to download a few kB of data instead of GB.
Please consider donating a coffee if this tool is useful to you. (:
