ulif/little-pwny

Check whether a password has been compromised

little-pwny - moved to codeberg.org

Note

This project has been moved to https://codeberg.org/ulif/little-pwny in February 2022.

All further development happens over there.

Check whether a given passphrase has been compromised

little-pwny queries the have-i-been-pwned password database for breaches that contain a given passphrase and returns the number of breaches found. It does not reveal the plain passphrase to the database (nor to any other party, see below).

little-pwny works with plain Python 3.x and requires no additional packages.

Usage

$ pwny p@ssw0rd
51763

$ pwny aiPh1eehec8AhY2y
0

Use:

$ pwny --help

to learn more about all options supported.

Please note, that the Python package is called little-pwny while the executable script is called pwny.

At no time the raw password is transferred to https://haveibeenpwned.com. Instead we use the generously offered haveibeenpwned.com-API to deploy k-anonymity. I.e. we send the first five chars of the SHA1 hash of any given password. This way you can check new passwords without revealing them to the server (or any other party).

Install

You need at least some Python3 interpreter installed on your System.

with pip

Simply:

$ pip3 install little-pwny

If pip is not installed on your system, chances are, your Python3 comes with pip included:

$ python3 -m pip install little-pwny

If that fails as well, you might use your systems package manager to install pip3. On Ubuntu for instance this will do:

$ sudo apt install python3-pip
$ sudo pip3 install little-pwny

From Source

Clone the source:

$ git clone https://github.com/ulif/little-pwny
$ cd little-pwny

Create and activate a virtualenv:

$ virtualenv venv
$ source ./venv/bin/activate.sh

Then, from this directory, install the package:

[venv] $ pip install -e .

Running Tests

We use tox and py.test for testing. So,:

$ pip install tox
$ tox

should run all tests.