Ruby gem to search against the Pwned Passwords API without using Devise. Borrows heavily from devise-pwned_password.
The Pwned Passwords list is available for download here: https://haveibeenpwned.com/Passwords
The file only includes the SHA-1 hash of each password with the count of how many times it's been observed in public data breaches.
To import data from SHA-1 archive:
-
create a target sql file e.g.
touch pwned-passwords-v5.sql -
run the ruby script
ruby prepare-sql.rb pwned-passwords-sha1-ordered-by-count-v5.txt pwned-password-v5.sql -
import "pwned-passwords-v5.sql" into a database.