Aki biztonságosan akarja ellenőrizni a jelszavát az adatbázisban (sha1-el hasheli, majd a hash első 5 karakterét küldi csak el, firepwned-ból lopva):
import urllib.request
import hashlib
import getpass
PREFIX_LEN = 5
LINE_DELIMITER = ":"
API_URL = "https://api.pwnedpasswords.com/range/"
def is_password_pwned(password):
hash = hashlib.sha1(bytes(password, "utf8")).hexdigest()
hash_prefix = hash[0:PREFIX_LEN]
hash_suffix = hash[PREFIX_LEN:]
url = API_URL + hash_prefix
print("Getting", url)
response = urllib.request.urlopen(url)
if response.getcode() != 200:
raise Exception("PwnedPasswords API looks down")
results = response.read().decode("utf8").split("\n")
for result in results:
hash_suffix_candidate, count = result.split(LINE_DELIMITER)
if hash_suffix_candidate.lower().lstrip() == hash_suffix:
return (True, int(count))
return (False, 0)
print("Result:", is_password_pwned(getpass.getpass("Password:")))
Nekem negatív lett a hup-ra egyedi jelszavam:
$ python3 testpw.py
Password:
Getting https://api.pwnedpasswords.com/range/dd51a
Result: (False, 0)