-
Notifications
You must be signed in to change notification settings - Fork 0
Home
akuechl edited this page Dec 27, 2021
·
4 revisions
This repository contains the password hashes of ';--have i been pwned?. It contains all SHA-1 hashes of all collected leaked passwords.
You can use the jsDelivr CDN provider to access the files.
see https://password-checker.github.io/
You want to check the password "secret".
- Convert the password into a SHA-1 hash. It is
E5E9FA1BA31ECD1AE84F75CAAA474F3A663F05F4. Pay attention to upper case of the letters. - Build a URL
- URL-Template:
https://cdn.jsdelivr.net/gh/password-checker/data-v<first sign of version>-<first sign of hash>@<version>/<first three signs of hash>/<fourth and fifth signs of hash>.txt - In Example: https://cdn.jsdelivr.net/gh/password-checker/data-v8-E@8.0.0/E5E/9F.txt
- URL-Template:
- Collect the file behind the URL.
- Search the file for the rest of the hash. In the example, this is
A1BA31ECD1AE84F75CAAA474F3A663F05F4. - In the example you can find the line
A1BA31ECD1AE84F75CAAA474F3A663F05F4:352091. This means that first, the password is known and second, the password was used in 352091 cases. - If you cannot find the rest of the hash, it means that the password is not known in the database.
Or:
You can clone the repositories and provide the hashes yourself. That's 32 GB of data (w/o .git folder).
Or:
You can download the original file yourself and split it with this program: file_data_splitter.