Verifying passwords against HIBP #1520

Closed

louib
Member

@louib louib commented Feb 23, 2018

New CLI command to verify a password database against the HIBP database dump.

Motivation and context

Was inspired by https://news.ycombinator.com/item?id=16446020

How has this been tested?

Locally.

Screenshots (if appropriate):

$ keepassxc-cli pawned ~/1.kdbx ~/Downloads/pwned-passwords-2.0.txt
Insert password to unlock /home/louib/1.kdbx: 
Password for entry2 (fdd9d458b34d1157ffa3053787674971) was pawned 14434 times.
Password for entry1 (eff7485a277952b289456b3d71a3b300) was pawned 5401 times.
Password for entry3 (08a7c64479e9a54cc22f93439bd0cd7a) was pawned 5401 times.

Types of changes

  • ✅ New feature (non-breaking change which adds functionality)

Checklist:

  • ✅ I have read the CONTRIBUTING document. [REQUIRED]
  • ✅ My code follows the code style of this project. [REQUIRED]
  • ✅ All new and existing tests passed. [REQUIRED]
  • ✅ I have compiled and verified my code with -DWITH_ASAN=ON. [REQUIRED]
  • ✅ My change requires a change to the documentation and I have updated it accordingly.
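The offline check described in this pull request, sketched as an added example (not code from the PR or from KeePassXC): each entry's password is hashed with SHA-1 and the dump is streamed once looking for those hashes. It assumes the dump holds one `SHA1HEX:COUNT` line per password; the `(title, password)` pairs, the function names and all sample data are constructed for illustration.

```python
import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password.

    SHA-1 is used only as the lookup key the dump is indexed by,
    not as a protection for the password.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def check_entries(entries, dump_lines):
    """Return {title: count} for entries whose password appears in the dump.

    entries    -- iterable of (title, password) pairs (hypothetical stand-in
                  for the unlocked database)
    dump_lines -- iterable of text lines, e.g. an open file; read once and
                  never loaded whole, since real dumps are many gigabytes
    """
    wanted = defaultdict(list)  # hash -> titles; reused passwords share a hash
    for title, password in entries:
        if password:  # entries without a password are skipped
            wanted[sha1_hex(password)].append(title)

    found = {}
    remaining = set(wanted)
    for line in dump_lines:
        digest, _, count = line.strip().partition(":")
        digest = digest.upper()
        if digest in remaining:
            # A line without a count still proves the password is in the dump.
            hits = int(count) if count.isdigit() else None
            for title in wanted[digest]:
                found[title] = hits
            remaining.discard(digest)
            if not remaining:  # every hash located: stop reading early
                break
    return found


# Constructed sample data: passwords and counts are made up for this example.
SAMPLE_ENTRIES = [("entry1", "hunter2"), ("entry2", "letmein"),
                  ("entry3", "hunter2"), ("entry4", "x9!Lq#72vTz"), ("entry5", "")]
SAMPLE_DUMP = "\n".join([f"{sha1_hex('letmein')}:300",
                         f"{sha1_hex('hunter2')}:42",
                         f"{sha1_hex('unrelated')}:7"]) + "\n"

if __name__ == "__main__":
    for title, hits in check_entries(SAMPLE_ENTRIES, SAMPLE_DUMP.splitlines()).items():
        print(f"Password for {title} appears in the dump {hits} times.")
```

Two entries that report the same count, as entry1 and entry3 do here, are using the same password, so the check also surfaces reuse inside the database.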

@TheZ3ro
Contributor

TheZ3ro commented Feb 23, 2018

Personally I would do a s/pawned/pwned/ since it's the correct leetspeak term https://en.wikipedia.org/wiki/Pwn

Side note: This PR is based on an offline SHA1 database of pwned passwords, instead of #1083 (comment) that uses the service API

@droidmonkey
Member

Personally I would not add sha1 to the CryptoHash class, however convenient. Either make the gcrypt calls directly from the cli code or create a new class (SHA1Hash). We don't want sha1 related to crypto in any way.

@droidmonkey droidmonkey added this to the v2.4.0 milestone Feb 24, 2018
@louib louib closed this Mar 31, 2018
@droidmonkey droidmonkey removed this from the v2.4.0 milestone Aug 29, 2018
@phoerious phoerious added pr: new feature Pull request that adds a new feature and removed new feature labels Nov 22, 2024