Securely checking if a password is compromised in Python

Checking if “123” is compromised and how many hits it would get.

K-anonymity + Have I Been Pwned

How easy is it to find different values that share the same hash prefix?

```python
import os
import hashlib

# Hash random inputs until five of them share the same 3-hex-character prefix,
# to show how little a short prefix reveals about the original value.
n_matches = 0
while True:
    sha1 = hashlib.sha1()
    sha1.update(os.urandom(10))
    digest = sha1.hexdigest()
    if digest[:3] == '000':
        n_matches += 1
        print(digest, n_matches)
        if n_matches >= 5:
            break
```
```python
import hashlib
import requests
from collections import defaultdict
from getpass import getpass

PWNEDURL = "https://api.pwnedpasswords.com/range/{}"

passwd = getpass("Enter password: ")
sha1 = hashlib.sha1()
sha1.update(passwd.encode())
hex_digest = sha1.hexdigest().upper()
hex_digest_f5 = hex_digest[:5]         # only these 5 hex characters are sent to the API
hex_digest_remaining = hex_digest[5:]  # the other 35 are compared locally

r = requests.get(PWNEDURL.format(hex_digest_f5))

# Each response line is "<35-char hash suffix>:<number of breaches it appeared in>"
leaked_passwd_freq = defaultdict(int)
for passwd_freq in r.content.splitlines():
    pass_parts = passwd_freq.split(b":")
    suffix = pass_parts[0].decode()
    freq = pass_parts[1]
    leaked_passwd_freq[suffix] = int(freq)

hits = leaked_passwd_freq[hex_digest_remaining]
if hits:
    print(f"WARNING: Your password is compromised with {hits} hits in the compromised passwords database")
```
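To make the prefix/suffix split and the response parsing testable without a network call, here is an added example (not code from the original post) that separates the three steps: computing the 5-character prefix that leaves the machine, parsing a `/range/` response body, and looking up the local 35-character suffix. The response body below is constructed for this example; only the SHA-1 of the string `password` is a real digest, and its hit count is made up. The `fetch_range_body` helper is the only part that needs the network and is assumed to use the `requests` library, as the post does.

```python
import hashlib
from typing import Dict, Tuple

# Constructed sample of a /range/5BAA6 response body. The second suffix is the
# real SHA-1 suffix of "password"; the counts and the other suffixes are made up.
SAMPLE_RANGE_BODY = b"\r\n".join([
    b"1E2D5E8AAEB3C3E0B1F6D7A3B5C4D2E1F0A:2",
    b"1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345",
    b"1F0B2C4D6E8A0C2E4F6A8C0E2F4A6C8E0F2:0",
])


def split_digest(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix): the 5 hex chars sent to the API and the 35 kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_body(body: bytes) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; malformed lines are skipped, not fatal."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(b":")
        if not sep or not count.strip().isdigit():
            continue
        table[suffix.decode("ascii").upper()] = int(count)
    return table


def hits_for(password: str, body: bytes) -> int:
    """Number of breach hits for the password's suffix in the range body (0 = not found)."""
    _, suffix = split_digest(password)
    return parse_range_body(body).get(suffix, 0)


def fetch_range_body(prefix: str) -> bytes:
    """Live lookup of one 5-character prefix (assumes the requests library is installed)."""
    import requests
    resp = requests.get(f"https://api.pwnedpasswords.com/range/{prefix}", timeout=10)
    resp.raise_for_status()
    return resp.content


if __name__ == "__main__":
    prefix, _ = split_digest("password")
    print(prefix, hits_for("password", SAMPLE_RANGE_BODY))
```

Keeping the lookup as a pure function over a `bytes` body means the privacy property (only the prefix leaves the host) is visible in the code, and the parser can be checked against a saved response before the script ever touches the API.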

Demo

$ python3 passcheck.py
Enter password:
WARNING: Your password is compromised with 1078184 hits in the compromised passwords database
*Under the hood, the Have I Been Pwned web portal uses the same k-anonymity protocol and API to check for compromised passwords.

Amirali Sanatinia