cgrothaus · March 13, 2018 19:49
diff --git a/have_i_been_pwned.rb b/have_i_been_pwned.rb
 require 'digest'
 require 'io/console'
 require 'net/http'

 # Proxy setup here
 http = Net::HTTP # use this for no proxy or if you are fine with ENV var http_proxy
 # http = Net::HTTP::Proxy('myproxy.local', '8080') # use this for explicit configuration of proxy within this ruby script

 puts '+++++ PASSWORD CHECKER +++++'
 print 'Please enter password: '
 password = STDIN.noecho(&:gets).chomp
 puts

 digest = Digest::SHA1.hexdigest(password).upcase
 digest_start = digest[0..4]
 digest_rest = digest[5..-1]

 # puts "SHA-1 Digest of password = #{digest}"
 # puts "First 5 chars of digest  = #{digest_start}"
 # puts "Rest of digest           =      #{digest_rest}"

 puts 'Checking your password against https://haveibeenpwned.com/ corpus of known passwords'
 pawned_passwords_results = http.get(URI("https://api.pwnedpasswords.com/range/#{digest_start}"))
 # Query gives a result like
 # 005DBD3FF2C95176C6B73C0F9E1831D166D:7
 # 006A31EF658E6FC01F733042B5376C9FD5A:1
 # This is the digest_rest of each broken password, and the number of times it occurs in the dataset
 pawned_password_digest_rest_hash = pawned_passwords_results.lines.map(&:chomp).map { |line| line.split(':') }.to_h

 broken_count = pawned_password_digest_rest_hash[digest_rest]
 if broken_count
  puts "Your password is INSECURE (https://haveibeenpwned.com/ knows #{broken_count} uses of it)"
 else
  puts 'Your password may be secure, at least it is not known to https://haveibeenpwned.com/'
 end
	require 'digest'
	require 'io/console'
	require 'net/http'

	# Proxy setup here
	http = Net::HTTP # use this for no proxy or if you are fine with ENV var http_proxy
	# http = Net::HTTP::Proxy('myproxy.local', '8080') # use this for explicit configuration of proxy within this ruby script

	puts '+++++ PASSWORD CHECKER +++++'
	print 'Please enter password: '
	password = STDIN.noecho(&:gets).chomp
	puts

	digest = Digest::SHA1.hexdigest(password).upcase
	digest_start = digest[0..4]
	digest_rest = digest[5..-1]

	# puts "SHA-1 Digest of password = #{digest}"
	# puts "First 5 chars of digest = #{digest_start}"
	# puts "Rest of digest = #{digest_rest}"

	puts 'Checking your password against https://haveibeenpwned.com/ corpus of known passwords'
	pawned_passwords_results = http.get(URI("https://api.pwnedpasswords.com/range/#{digest_start}"))
	# Query gives a result like
	# 005DBD3FF2C95176C6B73C0F9E1831D166D:7
	# 006A31EF658E6FC01F733042B5376C9FD5A:1
	# This is the digest_rest of each broken password, and the number of times it occurs in the dataset
	pawned_password_digest_rest_hash = pawned_passwords_results.lines.map(&:chomp).map { \|line\| line.split(':') }.to_h

	broken_count = pawned_password_digest_rest_hash[digest_rest]
	if broken_count
	puts "Your password is INSECURE (https://haveibeenpwned.com/ knows #{broken_count} uses of it)"
	else
	puts 'Your password may be secure, at least it is not known to https://haveibeenpwned.com/'
	end