{"id":13722154,"url":"https://github.com/mihaifm/HIBPOfflineCheck","last_synced_at":"2025-05-07T14:31:11.130Z","repository":{"id":41451513,"uuid":"125638055","full_name":"mihaifm/HIBPOfflineCheck","owner":"mihaifm","description":"Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords","archived":false,"fork":false,"pushed_at":"2025-01-04T20:48:39.000Z","size":148,"stargazers_count":333,"open_issues_count":3,"forks_count":17,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-12T08:37:51.863Z","etag":null,"topics":["haveibeenpwned","keepass","keepass-plugin"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mihaifm.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-17T14:36:35.000Z","updated_at":"2025-04-04T01:54:59.000Z","dependencies_parsed_at":"2024-01-06T01:08:59.533Z","dependency_job_id":"6ff79f9e-cae4-45e1-bc99-bc2acc9e6b77","html_url":"https://github.com/mihaifm/HIBPOfflineCheck","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mihaifm%2FHIBPOfflineCheck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mihaifm%2FHIBPOfflineCheck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mihaifm%2FHIBPOfflineCheck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mihaifm%2FHIBPOfflineCheck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mihaifm","download_url":"https://codeload.github.com/mihaifm/HIBPOfflineCheck/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252895582,"owners_count":21821184,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["haveibeenpwned","keepass","keepass-plugin"],"created_at":"2024-08-03T01:01:25.122Z","updated_at":"2025-05-07T14:31:10.651Z","avatar_url":"https://github.com/mihaifm.png","language":"C#","readme":"# HIBP Offline Check\n\n![screen](https://user-images.githubusercontent.com/981184/37559417-71ac2bc4-2a2e-11e8-8e3d-5877d9d7a999.png)\n\nThis is a __[KeePass](https://keepass.info/)__ plugin for __[Have I been pwned](https://haveibeenpwned.com/)__.    \nIt can perform both __offline__ and __online__ checks against the password breach list for any selected password entry.    \nDouble click the plugin column to get an instant status check, or use the right click menu to perform the same check for all selected passwords.\n\n## Motivation\n\n[Have I been pwned?](https://haveibeenpwned.com/) is an excellent tool for checking leaked passwords.\nWhile it does provide an API for securely checking the passwords online, some bits of a hashed password still need to be sent to the service when performing this type of check.\n\nThis plugin offers the alternative of an offline check, by using the downloadable file provided by [Have I been pwned](https://haveibeenpwned.com/).    \n\nOnline check mode is also provided as an option, being implemented using the [k-anonimity](https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange) model required by the HIBP public API.\n\nThe plugin adds a new column to KeePass. When double-clicking the column for a specific entry, the SHA1 hash is calculated for the password, which is then searched in the file. A status will be displayed on the column for that specific password.\n\n## Features\n\n- passwords can be checked in offline or online mode\n- binary search in the large password file gives an instant result for the offline mode\n- [bloom filter](https://en.wikipedia.org/wiki/Bloom_filter) support\n- [k-anonimity](https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange) method implemented for the online mode\n- the status (Pwned or Secure) is saved in the KeePass database and will be retrieved when reopening the app, and updated if the password entry changes\n- each password is individually checked only on user request\n- multiple passwords can be checked in bulk by using the right click menu\n- option to check all passwords in the database\n\n## Prerequisites\n\nDownload the latest version of the [password list](https://haveibeenpwned.com/Passwords) using the [haveibeenpwned-downloader](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader):\n\n    haveibeenpwned-downloader.exe pwnedpasswords\n\nDownloading the file is not required if Online mode is selected in the options.\n\nIf you are using KeePass on Windows, this plugin requires **Microsoft .NET Framework 4.5** to run.\n\nWhen running KeePass under Mono (on Ubuntu/Debian), if the plugin does not compile or load, verify that you have installed the `mono-mcs` package.\n\n## Installation\n\n- Download [HIBPOfflineCheck.plgx](https://github.com/mihaifm/HIBPOfflineCheck/releases/latest) from Releases.\n- Copy it in the Plugins folder of the KeePass installation.\n\n## Configuration\n\nTo configure the plugin, open `Tools` -\u003e `HIBP Offline Check...`\n\n![image](https://github.com/mihaifm/HIBPOfflineCheck/assets/981184/b134904f-5a8a-4cff-86cb-89fcd6abdf43)\n\nIf the Offline mode is selected then `Pwned passwords file` must be set to the password list file. If `Pwned passwords file` is not set then the plugin will try to find a password list file in the same location as `KeePass.exe`.\n\nIf you want to change `Column name`, a new column will be created with the new name and needs to be enabled under `View` -\u003e `Configure Columns` -\u003e `Provided by Plugins`. Before changing the column name, it is recommended that you clear the status of all entries (`Tools` -\u003e `HIBP Offline Check` -\u003e `Clear Status`).\n\n## Usage\n\n### Enable\n\nIn KeePass, enable the plugin column in `View` -\u003e `Configure Columns...` -\u003e `Provided by Plugins`.     \nDouble clicking the `Have I been pwned?` column for any entry will display the password status. The status is also automatically checked when creating or updating an entry.\n\n### Single password check\n\n__Double click__ a password entry under the `Have I been pwned?` column to get the status.\n\n![image](https://user-images.githubusercontent.com/981184/46235975-6ce7d700-c385-11e8-9a1e-2d473d825ba1.png)    \n    \n### Multiple passwords check\n\n__Select multiple entries__, then right click on the selection -\u003e `Have I been pwned?` -\u003e `Check`\n    \n![image](https://user-images.githubusercontent.com/981184/64819685-86465b00-d5b7-11e9-8e81-e95b31acbfd7.png)\n        \n### Check all passwords \n\nTo check all the passwords in the database:    \n\n`Tools` -\u003e `HIBP Offline Check...` -\u003e `Check All Passwords`\n\n### Automatic checks\n\nNewly created and updated entries are automatically checked. There is also an option to display a warning after creating an insecure password. \n\n### Find all pwned passwords\n\nTo view all your insecure passwords, use the Find menu (it will only display passwords which have been checked, so make sure to check all first):\n\n`Find` -\u003e `Pwned Passwords`\n\n### Bloom filter\n\nA [Bloom filter](https://en.wikipedia.org/wiki/Bloom_filter) allows you to save disk space by not having to store the HIBP passwords file on your drive. Instead, a generated file (currently under 1GB in size) would be loaded, providing an accuracy of 99.9% for password checking. Only about 1/1000 Secure passwords would be false positives, showing up as Pwned. Pwned passwords will *never* show up as Secure.\n\nYou can generate the Bloom filter by selecting `Tools` -\u003e `HIBP Offline Check` -\u003e `Bloom filter` and then `Generate Bloom Filter...`.\nIt may take anywhere between 15-45 minutes to generate the filter, depending on your hardware. For convenience the filter has also been uploaded to this separate [HIBPBloomFilter](https://github.com/mihaifm/HIBPBloomFilter) repository, so you can download it instead of generating it.\n\n## Building the plugin\n\nYou can build the plugin from source using Visual Studio: open the .sln file and compile the Release configuration.\nCopy the .dll from `bin\\Release` to the Plugins folder of the KeePass installation.\n\n**Enjoy!**\n\n","funding_links":[],"categories":["Plugins"],"sub_categories":["Other clients"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmihaifm%2FHIBPOfflineCheck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmihaifm%2FHIBPOfflineCheck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmihaifm%2FHIBPOfflineCheck/lists"}