Check PWNED Passwords - Prototype...


Searching By Range

Purpose:

This project was inspired by a video by Dr Mike Pound (Computerphile), "Have You Been Pwned?", and is intended to showcase the use of a REST API. The term "pwn" means an act of dominating an opponent; in this case, your password. According to haveibeenpwned.com, Pwned Passwords are 551,509,767 real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts. They're searchable online below as well as being downloadable for use in other online systems.

In this example project, I am using a k-Anonymity model that allows a password to be searched for by a partial hash (searching by range). The JavaScript algorithm converts your plain text into a Secure Hash Algorithm 1 (SHA-1) digest and sends only the first 5 hex characters of that hash to the pwned passwords repository. The remaining 35 characters of the hash are then used locally to search the returned range for a match.


Example:

If you type "password" and click the pwned button:

  • Full SHA-1 HEX = 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
  • First 5 chars to use for API k-Anonymity = 5baa6 (the only characters being sent to the repository)
  • Part to search = 1e4c9b93f3f0682250b6cf8331b7ee68fd8
  • Display hash found or not found

The search itself is performed entirely on the front-end (your computer, not mine or the server); the repository only ever sees the 5-character prefix.

Random Password Generator

Purpose:

JavaScript random password generator.


Getting a single breached site

Purpose:

In this section, the user can search for a single breached site. A "breach" is an instance of a system having been compromised by an attacker and its data disclosed. For example, Adobe was a breach, Gawker was a breach, and so on.

All Domain Names in the system