Check if your users' passwords are safe to use. Pwned Passwords are 500 million real world passwords previously exposed in data breaches.
Reasons to choose Docker over public API:
- Security concerns: since you are going to check real passwords, you should not trust any external service!
- Performance: just the password database is over 10 GB in size, but the whole Docker image is only 2GB!
- Easy and fast: ready made Docker image hosted in Docker Hub available for quick experiments
Test it immediately with Docker (there is a ready image in Docker Hub):
TODO
Have I Been Pwned, Bloomed version, in Docker
Builds on:
- Troy Hunt's password data: https://haveibeenpwned.com/Passwords
- Adewes's Bloom filter and server in Go: https://github.com/adewes
- Docker: https://www.docker.com/
Requirements for building a Docker image:
- Download the file containing the password data
- Rename the file as "pwned-passwords.txt.7z"
- Copy the file to this directory. Note! Symlink does not work!
How to use locally:
- sudo bash build.sh # builds docker image
- sudo bash start.sh # starts docker container using the built image
- sudo bash connect.sh # if you want to connect to docker container
- sudo bash test.sh # execute curl commands and get response back
- sudo bash stop.sh # stops docker container
- sudo bash demolish.sh # removes the built image
Originally though of doing this with:
- Java
- Spark (for REST)
- mapdb (for persistent maps)
- commons collections v4 (PatriciaTrie for radix trie)
- HIBP (for data)