Orion
Orion is a simple program to check for compromised passwords using Have I Been Pwned API.
Project Home | Orion |
Source Code | Andinus / Orion |
GitHub (Mirror) | Orion - GitHub |
Demo
Demo Video |
---|
Orion v0.1.0 |
Working
- Password is hashed & split (prefix: [:5], suffix: [5:])
- Prefix is sent to the HIBP API
- HIBP API returns list of suffixes along with frequency
- Orion looks for suffix from the list of suffixes
Match means the password is present in HIBP database & has been compromised.
Note: Password not present in database doesn't mean that it is a strong password.
History
Orion v0.1.0 was a simple cli application that asked user for password &
returned the results. I almost never used this because I don't generate password
in head, pass
is my password manager & it stores all my passwords. So, the next
version will check all my passwords from password store & return the results.