Table of Contents

Orion is a simple program to check for compromised passwords using Have I Been Pwned API.

Project Home Orion
Source Code Andinus / Orion
GitHub (Mirror) Orion - GitHub


Demo Video
Orion v0.1.0


  • Password is hashed & split (prefix: [:5], suffix: [5:])
  • Prefix is sent to the HIBP API
  • HIBP API returns list of suffixes along with frequency
  • Orion looks for suffix from the list of suffixes

Match means the password is present in HIBP database & has been compromised.

Note: Password not present in database doesn't mean that it is a strong password.


Orion v0.1.0 was a simple cli application that asked user for password & returned the results. I almost never used this because I don't generate password in head, pass is my password manager & it stores all my passwords. So, the next version will check all my passwords from password store & return the results.

Andinus / / Modified: 2020-09-27 Sun 14:29 Emacs 27.1 (Org mode 9.3)