On Tue, Mar 21, 2023 at 02:28:08PM +0100, Pavel Raiskup wrote: On https://haveibeenpwned.com/Passwords there's a link to the explanation on how it works: https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#clo... Summary: it hashes the password, submits the first 5 letters and then compares the rest of the hash against the returned set of possible matches. If you don't trust the website, you can do this yourself in Python with a few lines of code: ``` #!/usr/bin/env python3 import requests import hashlib pwd="P@ssw0rd" myhash = hashlib.sha1(pwd.encode("utf8")).hexdigest() r = requests.get(f"https://api.pwnedpasswords.com/range/{myhash[:5]}") for hash in r.text.split('\r\n'): if hash.startswith(myhash[5:].upper()): print(f"Compromised: {myhash[:5].upper()}{hash}") ``` Creating a CLI for this should be trivial, packaging it too :) Cheers, Peter