( toMpEr | 2020. 02. 21., p - 10:57 )

Szerkesztve: 2020. 02. 21., p - 11:01

Aki biztonságosan akarja ellenőrizni a jelszavát az adatbázisban (sha1-el hasheli, majd a hash első 5 karakterét küldi csak el, firepwned-ból lopva):

import urllib.request
import hashlib
import getpass

PREFIX_LEN = 5
LINE_DELIMITER = ":"
API_URL = "https://api.pwnedpasswords.com/range/"

def is_password_pwned(password):
    hash = hashlib.sha1(bytes(password, "utf8")).hexdigest()
    hash_prefix = hash[0:PREFIX_LEN]
    hash_suffix = hash[PREFIX_LEN:]

    url = API_URL + hash_prefix
    print("Getting", url)
    response = urllib.request.urlopen(url)
    if response.getcode() != 200:
        raise Exception("PwnedPasswords API looks down")

    results = response.read().decode("utf8").split("\n")

    for result in results:
        hash_suffix_candidate, count = result.split(LINE_DELIMITER)
        if hash_suffix_candidate.lower().lstrip() == hash_suffix:
            return (True, int(count))

    return (False, 0)

print("Result:", is_password_pwned(getpass.getpass("Password:")))

Nekem negatív lett a hup-ra egyedi jelszavam:

$ python3 testpw.py
Password:
Getting https://api.pwnedpasswords.com/range/dd51a
Result: (False, 0)