Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aswinbarath/password-checker
The most secure password checker project
api-request password-checker python python3
- Host: GitHub
- URL: https://github.com/aswinbarath/password-checker
- Owner: AswinBarath
- Created: 2020-12-26T14:26:28.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-01-21T15:59:43.000Z (almost 4 years ago)
- Last Synced: 2023-03-06T13:52:58.622Z (over 1 year ago)
- Topics: api-request, password-checker, python, python3
- Language: Python
- Homepage:
- Size: 931 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# Password-checker
The most secure password checker project
Password-checker is a Python script that checks whether your password has ever been hacked/leaked.

---
## Table of content
- [Libraries](#Libraries-used)
- [Working of the code](#Working-of-the-code)
- [Importance of password strength](#Importance-of-password-strength)
- [Contributors](#Contributors)
---

## Libraries-used
The following libraries are used in the password-checker script:
- [Requests](https://requests.readthedocs.io/en/master/)
- [hashlib](https://docs.python.org/3/library/hashlib.html)
- [sys](https://docs.python.org/3/library/sys.html)

---

**[⬆ Back to Top](#Table-of-content)**

## Working of the code
- The password-checker script takes one or more passwords from the command line and checks whether each has ever been hacked/leaked.
- The idea is implemented using an API, a request/response cycle, and hashing.
- The script is implemented in three key functions:
  1. `pwned_api_check()`
  2. `request_api_data()`
  3. `get_password_leaks_counts()`
---
- The script takes its input as command line arguments: PASSWORD1, PASSWORD2, P@$$W0RD3 (for example)
- Next, each password is hashed using the SHA1 algorithm for a secure request/response over the internet
- Then, the hashed password is divided into two parts, namely the head and the tail
---
- Now, only the *head of the hashed password* is sent as a request query through the API
- The API being used is offered by the [Have I Been Pwned](https://haveibeenpwned.com/Passwords) website.
- The process of sending only the head is known as [**k-anonymity**](https://en.wikipedia.org/wiki/K-anonymity#:~:text=The%20concept%20of%20k%2Danonymity,subjects%20of%20the%20data%20cannot)
  (Because only the head is sent, the full hash never travels over the internet, which keeps the request/response cycle secure against a man-in-the-middle attack.)
---
- The response we receive is a list of the tail parts of password hashes, each with the number of times that password has been leaked, from the API's database server
- Now, the tail part of our hash can be compared with the set of hashes and counts received from the API to securely check our password's strength
- The result is reported either as the count of hacks or as a "your password is secure" message, as follows:
---
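The head/tail comparison described above, as an added example that is not the project's own code: the function names and the sample response body are constructed here, and the 5-character head is an assumption taken from the Have I Been Pwned range API rather than from this README. It runs offline against the constructed body and shows that the tail is only ever compared locally.

```python
import hashlib
import urllib.request

PREFIX_LEN = 5  # assumption from the HIBP range API: head = first 5 hex chars


def split_sha1(password):
    """Return (head, tail) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def fetch_range(head):
    """Network step (not run below): only the head appears in the request."""
    url = "https://api.pwnedpasswords.com/range/" + head
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def leak_count(range_body, tail):
    """Look for our tail among the 'TAIL:COUNT' lines; 0 means not listed."""
    for line in range_body.splitlines():  # copes with CRLF line endings
        suffix, sep, count = line.strip().partition(":")
        if sep and suffix.upper() == tail.upper():
            return int(count)  # a zero-count entry is reported as 0
    return 0


def constructed_body(password, count):
    """Sample response body: constructed for this example, not API data."""
    tail = split_sha1(password)[1]
    decoys = ["0" * 35 + ":0", "F" * 35 + ":3"]  # made-up neighbouring tails
    return "\r\n".join([decoys[0], tail + ":" + str(count), decoys[1]])


def check_offline(password, range_body):
    """Compare locally: the tail and the password never leave this process."""
    return leak_count(range_body, split_sha1(password)[1])


if __name__ == "__main__":
    body = constructed_body("PASSWORD1", 1200)
    for pw in ("PASSWORD1", "P@$$W0RD3"):
        print(pw, "->", check_offline(pw, body))
```

To query the live service, pass `fetch_range(head)` as the `range_body` argument instead of the constructed body.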
**[⬆ Back to Top](#Table-of-content)**

### Importance of password strength
- The strength of your password is vital to the protection of your personal data.
- The strength of the password depends on factors like:
  - Length of your password
  - Usage of numbers
  - Usage of lowercase letters
  - Usage of uppercase letters
  - Usage of special characters
- If you take care of the above factors, the time taken to crack your password will be:
---
**[⬆ Back to Top](#Table-of-content)**

#### Contributors
- T Aswin Barath
- G Kishore