Post

PwnedChecker: Password Breach Detection

Project Description

PwnedChecker is a tool that I developed in Python for checking if your password has been compromised in any data breaches by leveraging the HaveIBeenPwned API. It creates a SHA-1 hash of the password, sends a request using the first five characters of the hash to the API, and processes the response to determine if the password has been pwned.

Key Features

  • Password Hashing: Utilizes hashlib for the SHA-1 hashing algorithm to securely hash the user’s password.
  • API Integration: Leverages the HaveIBeenPwned API to verify if the password has been exposed in data breaches.
  • Response Processing: Parses the API response to find the complete hash and retrieve the count of breaches.
  • User-Friendly Interaction: Guides the user through the process with clear prompts and informative messages.

Libraries Used

These are the libraries that I’m using in pwnedchecker.py:

1
2
3
import hashlib
import requests
import argparse
  • hashlib: hashlib is a Python library for creating hashes, which is important since I need to create hashes of the password so that I can check if they were pwned in HaveIBeenPwned’s database, which stores pwned passwords by their SHA-1 hash.

  • requests: requests is a Python library for creating and sending HTTP requests. This is important since I need to interact with HaveIBeenPwned’s API to check if a password was previously involved in a breach.

  • argparse: argparse is a Python library for parsing command line arguments to the program. This allows my program to take in command line arguments in the terminal.

This post is licensed under CC BY 4.0 by the author.