How to match by passwords against Have I Been Pwned?

OK, so I've downloaded all the SHA-1 hashes from Have I Been Pwned, exported everything from my password manager, and processed that into a file with one password per line. How do I match these files effectively?

migrated from stackoverflow.com 10 mins ago


asked 20 hours ago by l0b0

1 Answer

Prerequisites

• 7z, which should be in the "p7zip" package.
• sha1sum and shred, which should be in the "coreutils" package.
• grep from the "grep" package.

Process

1. Create a file with unique upper case password hashes, and a file with passwords and their corresponding hashes:

    # IFS= and -r keep leading/trailing whitespace and backslashes intact
    sort -u passwords.txt | while IFS= read -r password
    do
        hash="$(printf '%s' "$password" |
            sha1sum |
            cut -d' ' -f1 |
            tr 'a-f' 'A-F')"
        printf '%s\n' "$hash" >> hashes.txt
        printf '%s\t%s\n' "$hash" "$password" >> passwords-with-hashes.txt
    done

2. Match your hashes to all the entries in the downloaded file:

    # Keep only the 40-character hash from each line, then match whole lines
    7z e -so pwned-passwords-sha1-ordered-by-hash-v*.7z |
        cut -c 1-40 |
        grep -Fxf hashes.txt |
        tee matches.txt

   Be patient - this took nearly 20 minutes on a desktop machine with an SSD!

3. Show the passwords related to the matches:

    # -f2- keeps the whole password even if it contains a tab
    grep -Ff matches.txt passwords-with-hashes.txt | cut -f2-

4. Securely remove the files you've created:

    shred --remove hashes.txt matches.txt passwords.txt passwords-with-hashes.txt







answered 20 hours ago by l0b0
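
An alternative to steps 1 to 3 of the answer, added here as an example and not part of the original post: because the downloaded file is ordered by hash, a sorted table of your own hashes can be merge-joined against it in a single pass, which also reports how often each password occurs in the dump. It assumes the dump's lines have the form HASH:COUNT; the function names (sha1_upper, hash_table, pwned_report, demo) and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the answer: merge join instead of grep -Fxf.

# Uppercase hex SHA-1 of stdin, the format the answer builds with tr.
sha1_upper() { sha1sum | cut -c 1-40 | tr 'a-f' 'A-F'; }

# hash_table FILE: "HASH<TAB>password" per unique password, sorted by hash.
# LC_ALL=C keeps sort -u from merging passwords that merely collate equal.
hash_table() {
    LC_ALL=C sort -u "$1" | while IFS= read -r password; do
        [ -n "$password" ] || continue    # skip blank lines in the export
        printf '%s\t%s\n' "$(printf '%s' "$password" | sha1_upper)" "$password"
    done | LC_ALL=C sort
}

# pwned_report DUMP PASSWORDS: "count<TAB>password" for each password found.
# DUMP holds "HASH:COUNT" lines ordered by hash (assumed format); pass
# /dev/stdin to read the output of `7z e -so` without extracting to disk.
pwned_report() (
    umask 077                             # the table holds plaintext passwords
    tab=$(printf '\t')
    table=$(mktemp) || exit 1
    trap 'shred --remove "$table" 2>/dev/null || rm -f "$table"' EXIT
    hash_table "$2" > "$table"
    # Strip any CR, turn HASH:COUNT into HASH<TAB>COUNT, join on the hash.
    tr -d '\r' < "$1" | tr ':' '\t' |
        LC_ALL=C join -t "$tab" - "$table" | cut -f 2-
)

# Constructed sample: made-up counts, and only two of the three passwords
# in passwords.txt appear in the dump (one has a leading space, one a colon).
demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' 'correct horse' ' hunter2' 'pass:word' > "$dir/passwords.txt"
    for p in ' hunter2' 'pass:word' 'not-in-my-vault'; do
        printf '%s:42\r\n' "$(printf '%s' "$p" | sha1_upper)"
    done | LC_ALL=C sort > "$dir/dump.txt"
    pwned_report "$dir/dump.txt" "$dir/passwords.txt"
    rm -rf "$dir"
)

demo
```

With the real archive the call would be `7z e -so pwned-passwords-sha1-ordered-by-hash-v*.7z | pwned_report /dev/stdin passwords.txt`; passwords.txt itself still needs the shred from step 4.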





























