Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/skeeto/pwcheck

Database lookup for "Have I Been Pwned"
https://github.com/skeeto/pwcheck

Last synced: 3 months ago
JSON representation

Database lookup for "Have I Been Pwned"

Host: GitHub
URL: https://github.com/skeeto/pwcheck
Owner: skeeto
License: unlicense
Created: 2018-06-16T16:21:57.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2018-06-16T17:46:27.000Z (over 6 years ago)
Last Synced: 2024-08-02T01:20:53.232Z (6 months ago)
Language: C
Size: 14.6 KB
Stars: 8
Watchers: 3
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Database Lookup for "Have I Been Pwned"

This is a little C99 library for efficiently checking passwords against

the [Have I Been Pwned][pwn] dataset. The database is the sorted list of

hashes converted to binary, truncated, and concatenated. Look-ups are a

binary search on this memory-mapped file.

Once warmed up, this library can test around 250,000 passwords per

second.

Only POSIX systems are currently supported.

## Compilation

To build, run `make`. It produces:

* `compact`: A command line program for constructing databases.

* `pwcheck`: A simple command line password checking utility.

* `libpwcheck.so`: For use by other programs, particularly those written

  in languages with a foreign function interface (FFI).

## Database generation

To build a database from the "ordered by hash" dataset, pipe it through

the `compact` command:

    $ ./compact pwned.db

Hash truncation is controlled at *compile time* in `config.h`. With the

default configuration, the 2.0 dataset (501m passwords) becomes a 3.8GB

database. Since the database is memory mapped, it is not essential to

have that much physical memory, but it *is* essential for maintaining

high throughput.

The `pwcheck` convenient utility queries a database without involving

the library. It reads passwords, one per line, on standard input:

    $ echo correcthorsebatterystaple | ./pwcheck pwned.db

    correcthorsebatterystaple: found

    $ echo LyX | ./pwcheck pwned.db

    LyX: not found

## Shared library API

The API for `libpwcheck.so` is very FFI-friendly:

```c

/**

 * Open a database by its filename and return a handle.

 * Returns NULL if the file could not be opened.

 */

struct pwcheck *pwcheck_open(const char *);

/**

 * Close a database and free its resources.

 */

void pwcheck_close(struct pwcheck *);

/**

 * Return 0 if the null-terminated password is not in the database.

 */

int pwcheck_password(const struct pwcheck *, const char *);

/**

 * Return 0 if the given SHA-1 hash is not in the database.

 */

int pwcheck_hash(const struct pwcheck *, const void *);

```

[pwn]: https://haveibeenpwned.com/Passwords