mihaifm / Hibpofflinecheck

Licence: gpl-3.0
Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords

Projects that are alternatives of or similar to Hibpofflinecheck

Keepass2 Haveibeenpwned
Simple Have I Been Pwned checker for KeePass
Stars: ✭ 381 (+99.48%)
Mutual labels:  keepass, haveibeenpwned
keepassxc-pwned
Check your keepassxc database against previously breached haveibeenpwned passwords
Stars: ✭ 25 (-86.91%)
Mutual labels:  keepass, haveibeenpwned
Passhole
A secure hole for your passwords (KeePass CLI)
Stars: ✭ 108 (-43.46%)
Mutual labels:  keepass
Password pwncheck
Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules
Stars: ✭ 152 (-20.42%)
Mutual labels:  haveibeenpwned
Openkeepass
[Deprecated] A java library for reading and writing KeePass databases. It is an intuitive java library that supports KeePass 2.x database files.
Stars: ✭ 128 (-32.98%)
Mutual labels:  keepass
Keepass4web
An application that serves KeePass database entries on a web frontend
Stars: ✭ 115 (-39.79%)
Mutual labels:  keepass
H8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Stars: ✭ 2,163 (+1032.46%)
Mutual labels:  haveibeenpwned
Keepassdx
📱 KeePass implementation for android with material design and deluxe features
Stars: ✭ 1,395 (+630.37%)
Mutual labels:  keepass
Keepassjava2
Java API for KeePass Password Databases - Read/Write 2.x, Read 1.x
Stars: ✭ 168 (-12.04%)
Mutual labels:  keepass
Hibp
A composer package to verify if a password was previously used in a breach using Have I Been Pwned API.
Stars: ✭ 126 (-34.03%)
Mutual labels:  haveibeenpwned
Breach.tw
A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (-24.61%)
Mutual labels:  haveibeenpwned
Pw Pwnage Cfworker
Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 7.8+ billion breached accounts
Stars: ✭ 125 (-34.55%)
Mutual labels:  haveibeenpwned
Keeweb
Free cross-platform password manager compatible with KeePass
Stars: ✭ 10,587 (+5442.93%)
Mutual labels:  keepass
Cr3dov3r
Know the dangers of credential reuse attacks.
Stars: ✭ 1,700 (+790.05%)
Mutual labels:  haveibeenpwned
Keepasskit
KeePass Database loading, storing and manipulation framework
Stars: ✭ 109 (-42.93%)
Mutual labels:  keepass
Pwned
A command-line tool for querying the 'Have I been pwned?' service.
Stars: ✭ 161 (-15.71%)
Mutual labels:  haveibeenpwned
Socialpwned
SocialPwned is an OSINT tool that collects a target's emails published on social networks such as Instagram, LinkedIn and Twitter, in order to find possible credential leaks in PwnDB.
Stars: ✭ 104 (-45.55%)
Mutual labels:  haveibeenpwned
Lil Pwny
Fast, offline auditing of Active Directory passwords using Python.
Stars: ✭ 117 (-38.74%)
Mutual labels:  haveibeenpwned
Passpwn
See if your passwords in pass have been breached.
Stars: ✭ 130 (-31.94%)
Mutual labels:  haveibeenpwned
Poshkeepass
PowerShell module for KeePass
Stars: ✭ 177 (-7.33%)
Mutual labels:  keepass

HIBP Offline Check

This is a KeePass plugin for Have I been pwned.
It can perform both offline and online checks against the password breach list for any selected password entry.
Double click the plugin column to get an instant status check, or use the right click menu to perform the same check for all selected passwords.

Motivation

Have I been pwned? is an excellent tool for checking leaked passwords. While it does provide an API for securely checking the passwords online, some bits of a hashed password still need to be sent to the service when performing this type of check.

This plugin offers the alternative of an offline check, by using the downloadable file provided by Have I been pwned.

Online check mode is also available as an option; it is implemented using the k-anonymity model required by the HIBP public API.
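What an online check discloses can be shown in a few lines. The following is an added example, not the plugin's own code: it splits the SHA-1 hash into the 5-character prefix that the HIBP range API receives and the 35-character suffix that never leaves the machine, then matches the suffix against a constructed response body. Function names and sample counts are assumptions.

```python
import hashlib

def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.

    Only the 5-character prefix goes into the request
    (GET https://api.pwnedpasswords.com/range/<prefix>); the suffix stays local.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(suffix, range_body):
    """Find the local suffix among the SUFFIX:COUNT lines of a range response."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix.upper():
            return int(count or 0)  # 0 marks a padding entry: not breached
    return 0

def constructed_response(password, count):
    """Build a sample response body (constructed data, not real API output)."""
    _, suffix = split_hash(password)
    decoy = hashlib.sha1(b"constructed decoy").hexdigest().upper()[5:]
    padding = "0" * 35  # stands in for a padding entry with count 0
    return f"{decoy}:7\r\n{suffix}:{count}\r\n{padding}:0\r\n"

if __name__ == "__main__":
    prefix, suffix = split_hash("password")
    body = constructed_response("password", 42)
    print("sent to service:", prefix)
    print("kept local:     ", suffix)
    print("breach count:   ", count_in_range(suffix, body))
```

The service learns only that the password's hash falls somewhere in the bucket sharing that prefix; the offline mode avoids even that disclosure.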

The plugin adds a new column to KeePass. When double-clicking the column for a specific entry, the SHA1 hash is calculated for the password, which is then searched in the file. A status will be displayed on the column for that specific password.

Features

  • passwords can be checked in offline or online mode
  • binary search in the large password file gives an instant result for the offline mode
  • bloom filter support
  • k-anonymity method implemented for the online mode
  • the status (Pwned or Secure) is saved in the KeePass database and will be retrieved when reopening the app, and updated if the password entry changes
  • each password is individually checked only on user request
  • multiple passwords can be checked in bulk by using the right click menu
  • option to check all passwords in the database
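The offline lookup (SHA-1 of the password, then a binary search in the hash-ordered file) can be sketched as follows. This is an added Python example, not the plugin's own code: it searches by byte offset over the variable-length `HASH:COUNT` lines of the file, using a small constructed in-memory file in place of the real download. Function names and sample counts are assumptions.

```python
import hashlib
import io

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")

def line_at(f, pos):
    """Return the first complete line starting at byte offset >= pos (b'' at EOF)."""
    if pos == 0:
        f.seek(0)
    else:
        f.seek(pos - 1)
        f.readline()  # finish the line that contains byte pos-1
    return f.readline()

def breach_count(f, password):
    """Binary-search a binary-mode, hash-ordered HASH:COUNT file; 0 means not found."""
    target = sha1_hex(password)
    lo, hi = 0, f.seek(0, io.SEEK_END)
    while lo < hi:  # about log2(file size in bytes) seeks
        mid = (lo + hi) // 2
        line = line_at(f, mid)
        if line and line[:40] < target:
            lo = mid + 1  # the target, if present, starts after mid
        else:
            hi = mid
    line = line_at(f, lo)
    return int(line[41:].strip()) if line[:40] == target else 0

def build_sample(entries):
    """Constructed stand-in for the real file: sorted HASH:COUNT lines, CRLF-terminated."""
    lines = sorted(sha1_hex(p) + b":%d\r\n" % c for p, c in entries.items())
    return io.BytesIO(b"".join(lines))

# Constructed passwords and counts, for illustration only.
CONSTRUCTED = {"password": 3, "123456": 1234567, "qwerty": 42,
               "letmein": 9, "hunter2": 100000}

if __name__ == "__main__":
    sample = build_sample(CONSTRUCTED)
    for pw in ("qwerty", "not in the constructed list"):
        n = breach_count(sample, pw)
        print(pw, "->", "Pwned (%d)" % n if n else "Secure")
```

For the real file, pass `open(path, "rb")` instead of the in-memory sample; the search only works on the ordered-by-hash download.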

Prerequisites

  • Download the pwned-passwords-sha1-ordered-by-hash-v4.txt file from haveibeenpwned.com password list. Use the torrent if possible, as suggested by the author.

    It's important that you get the SHA-1 (ordered by hash) version of the file, because the plugin relies on that ordering for fast searching.

  • Extract the file from the 7zip archive

  • Place the pwned-passwords-sha1-ordered-by-hash-v4.txt file in the same location as KeePass.exe (file location is configurable in the options)

Downloading the file is not required if Online mode is selected in the options; however, using Offline mode significantly speeds up the checking process if you have a lot of passwords.

Installation

Secure:

  • Build the plugin from source using Visual Studio: open the .sln file and compile the Release configuration.
  • Copy the .dll from bin\Release to the Plugins folder of the KeePass installation

Quick

Usage

Enable

In KeePass, enable the plugin column in View -> Configure Columns -> Provided by Plugins.
Double clicking the Have I been pwned? column for any entry will display the password status. The status is also automatically checked when creating or updating an entry.

Single password check

Double click a password entry under the Have I been pwned? column to get the status

Multiple passwords check

Select multiple entries, right click -> Have I been pwned? -> Check

Check all passwords

To check all the passwords in the database:

Tools -> HIBP Offline Check -> Check All Passwords

Automatic checks

Newly created and updated entries are automatically checked. There is also an option to display a warning after creating an insecure password.

Bloom filter

A Bloom filter allows you to save disk space by not having to store the HIBP passwords file on your drive. Instead, a generated file (currently under 1GB in size) would be loaded, providing an accuracy of 99.9% for password checking. Only about 1/1000 Secure passwords would be false positives, showing up as Pwned. Pwned passwords will never show up as Secure.

You can generate the Bloom filter by selecting Tools -> HIBP Offline Check -> Bloom filter and then Generate Bloom Filter... It may take anywhere between 15-45 minutes to generate the filter, depending on your hardware. For convenience the filter has also been uploaded to this separate HIBPBloomFilter repository, so you can download it instead of generating it.
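The asymmetry described above (some Secure passwords reported as Pwned, never the reverse) follows from how a Bloom filter works. The following is an added example, not the plugin's implementation: it sizes a filter for a 1/1000 false-positive rate with the standard formulas and measures both error directions on constructed passwords. Deriving the bit positions from the SHA-1 digest by double hashing is an assumption of this sketch.

```python
import hashlib
import math

class BloomFilter:
    def __init__(self, expected_items, fp_rate):
        # Standard sizing: m = -n ln(p) / (ln 2)^2 bits, k = (m / n) ln 2 hashes.
        self.m = math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, password):
        d = hashlib.sha1(password.encode("utf-8")).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd step for double hashing
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, password):
        for p in self._positions(password):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, password):
        # A member always finds all of its bits set, so a breached password
        # can never be reported as Secure.
        return all(self.bits[p >> 3] & (1 << (p & 7))
                   for p in self._positions(password))

def measure(n_members=5000, n_probes=20000, fp_rate=0.001):
    """Return (missed members, observed false-positive rate, bits per item, k)."""
    bf = BloomFilter(n_members, fp_rate)
    members = ["constructed-leaked-%d" % i for i in range(n_members)]
    for pw in members:
        bf.add(pw)
    missed = sum(pw not in bf for pw in members)
    false_pos = sum(("constructed-unleaked-%d" % i) in bf for i in range(n_probes))
    return missed, false_pos / n_probes, bf.m / n_members, bf.k

if __name__ == "__main__":
    missed, rate, bits_per_item, k = measure()
    print("missed members:", missed)
    print("false-positive rate: %.4f" % rate)
    print("bits per item: %.2f, hash functions: %d" % (bits_per_item, k))
```

At this error rate the filter needs about 14.4 bits per stored hash, compared with 160 bits for a raw SHA-1 digest, which is where the disk-space saving comes from.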

Configuration

To configure the plugin, open Tools -> HIBP Offline Check...

Note that after changing the Column name, a new column will be created with the new name and needs to be enabled under View -> Configure Columns -> Provided by Plugins. Before changing the column name, it is recommended that you clear the status of all entries (Tools -> HIBP Offline Check -> Clear Status).

Enjoy!