A Windows .Net Core console app for checking passwords held in a KeePass file against those in "Have I Been Pwned"

alandixon/Passwords

KeePass-HaveIBeenPwned

A Windows .Net Core console app for checking passwords held in a KeePass file against those in Have I Been Pwned

Table of contents

  1. Overview
  2. Usage
  3. Versions
    1. KeePass Version
    2. HaveIBeenPwned Version
    3. .Net Version
  4. Performance
  5. Credits

Overview

Compares the passwords in an exported KeePass file with those recorded by the "Have I Been Pwned" project. These are passwords that have been associated with large data breaches.
This app does not attempt to identify the breach; it only identifies matching passwords that are compromised and will likely be used in attempted bad logins.

Usage

  • Download the "Have I Been Pwned" password file from https://haveibeenpwned.com/Passwords
    Note: You MUST use the SHA-1 (ordered by hash) file.
    i.e. SHA-1, NOT NTLM
    and
    (ordered by hash), NOT (ordered by prevalence)
    The torrent link for this file is currently here, but this may change.

  • Open KeePass, load your password file and export it:
    File > Export > KeePass XML (2.x)
    Ensure you export this file somewhere safe as it holds all your cleartext passwords! Ensure you delete it after completion.

  • Run the KeePass-HaveIBeenPwned app with two parameters:
    -h HaveIBeenPwnedPasswordList
    -k Exported KeePass file
    e.g. to run the .Net Core dll from the VS2017 debug or release folder:
    dotnet KeePass-HaveIBeenPwned.dll -h hibpFile -k keepassFile

  • Delete your exported KeePass file, i.e. [shift][delete] in file explorer, not just [delete], as that would typically put the file in the recycle bin.

  • If you want a standalone exe, rather than running dotnet against the dll, see
    MS docs and/or StackOverflow.

Versions

KeePass version

V2.35, from KeePass

HaveIBeenPwned version

Version 5, (ordered by hash), 14 Jul 2019, 9.84GB.
Torrent
It is important that the "ordered by hash" file is used as the program assumes ordering and will not work correctly without it. Essentially, the pre-ordering of the file saves us having to sort a ~22GB text file with a little over half a billion lines.
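
Why the ordering matters, as an added Python sketch (not this project's C# code): with the KeePass hashes sorted too, one forward pass over the HIBP file finds every match and can stop early. It assumes HIBP lines of the form HASH:COUNT with upper-case hex and the Entry/String/Key/Value layout of a KeePass XML (2.x) export; all function names and sample data are constructed for illustration.

```python
import hashlib
import io
import xml.etree.ElementTree as ET

# Constructed sample of a KeePass XML (2.x) export; real exports carry more fields.
SAMPLE_KEEPASS_XML = """<KeePassFile><Root><Group><Name>Demo</Name>
<Entry><String><Key>Title</Key><Value>Mail</Value></String>
<String><Key>Password</Key><Value ProtectInMemory="True">password</Value></String></Entry>
<Entry><String><Key>Title</Key><Value>Bank</Value></String>
<String><Key>Password</Key><Value ProtectInMemory="True">xK9#constructed-unique</Value></String></Entry>
</Group></Root></KeePassFile>"""

def sha1_hex(password):
    # Upper-case hex, so plain string comparison agrees with the file's hash order.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def keepass_hashes(xml_text):
    """Map SHA-1 hash -> entry titles. Entries nested under History are included too."""
    hashes = {}
    for entry in ET.fromstring(xml_text).iter("Entry"):
        # findall() reads only this entry's own fields, not those of nested history entries.
        fields = {s.findtext("Key"): s.findtext("Value") or "" for s in entry.findall("String")}
        if fields.get("Password"):
            hashes.setdefault(sha1_hex(fields["Password"]), []).append(fields.get("Title", ""))
    return hashes

def find_pwned(hibp_lines, hashes):
    """Single forward pass over hash-ordered "HASH:COUNT" lines (a sort-merge join)."""
    wanted, found, i = sorted(hashes), {}, 0
    for line in hibp_lines:
        h, _, count = line.strip().partition(":")
        while i < len(wanted) and wanted[i] < h:
            i += 1                    # this hash cannot appear later in a sorted file
        if i == len(wanted):
            break                     # nothing left to look for: stop reading early
        if wanted[i] == h:
            found[h] = int(count)
            i += 1
    return found

def sample_hibp():
    """Constructed stand-in for the ordered-by-hash file (the counts are made up)."""
    rows = [("password", 100), ("123456", 200), ("qwerty", 50)]
    return io.StringIO("\n".join(sorted(f"{sha1_hex(p)}:{n}" for p, n in rows)) + "\n")

def report(xml_text, hibp_lines):
    """Return {entry title: breach count} for every compromised password."""
    hashes = keepass_hashes(xml_text)
    return {t: c for h, c in find_pwned(hibp_lines, hashes).items() for t in hashes[h]}
```

If the input were the "ordered by prevalence" file instead, the while loop would skip past hashes that appear later in the file and silently report them as clean.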

.Net version

.Net core 2.1 developed with VS2017

Performance

I have 667 entries in my KeePass file (yes, I know, I've been using it for a few years) although this number should not significantly affect the run time - the main issue is reading ~550M lines from the HIBP file.
The app ran in just over 4 minutes on my i7 laptop with SSDs.

Credits

Command Line Parser Library for CLR and NetStandard https://github.com/commandlineparser/commandline
