@cgrothaus
Created March 13, 2018 19:49
require 'digest'
require 'io/console'
require 'net/http'
# Proxy setup here
http = Net::HTTP # use this for no proxy or if you are fine with ENV var http_proxy
# http = Net::HTTP::Proxy('myproxy.local', '8080') # use this for explicit configuration of proxy within this ruby script
puts '+++++ PASSWORD CHECKER +++++'
print 'Please enter password: '
password = STDIN.noecho(&:gets).chomp
puts
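# Only the first 5 hex characters of the SHA-1 digest are sent to the API;
# the remaining 35 characters are compared locally against the response.
digest = Digest::SHA1.hexdigest(password).upcase
digest_start = digest[0..4]
digest_rest = digest[5..-1]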
# puts "SHA-1 Digest of password = #{digest}"
# puts "First 5 chars of digest = #{digest_start}"
# puts "Rest of digest = #{digest_rest}"
puts 'Checking your password against https://haveibeenpwned.com/ corpus of known passwords'
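response = http.get_response(URI("https://api.pwnedpasswords.com/range/#{digest_start}"))
# Fail closed: an error response must not be read as "password not found"
abort "Lookup failed (HTTP #{response.code}), no verdict possible" unless response.is_a?(Net::HTTPSuccess)
pawned_passwords_results = response.body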
# Query gives a result like
# 005DBD3FF2C95176C6B73C0F9E1831D166D:7
# 006A31EF658E6FC01F733042B5376C9FD5A:1
# This is the digest_rest of each broken password, and the number of times it occurs in the dataset
pawned_password_digest_rest_hash = pawned_passwords_results.lines.map(&:chomp).map { |line| line.split(':') }.to_h
broken_count = pawned_password_digest_rest_hash[digest_rest]
if broken_count
  puts "Your password is INSECURE (https://haveibeenpwned.com/ knows #{broken_count} uses of it)"
else
  puts 'Your password may be secure, at least it is not known to https://haveibeenpwned.com/'
end