Password Checker
Brian Milby
brian at milby7.com
Thu Feb 22 23:50:12 EST 2018
Read this interesting article about a half billion PW database of
compromised passwords that I thought I'd share:
*https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
<https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/>*
*on* mouseUp
*local* tSHAData, tSHAHex, tList
*put* messageDigest(the text of field "password", "SHA-1") into tSHAData
*repeat* for each byte tByte in tSHAData
*put* format("%02X",bytetonum(tByte)) after tSHAHex
*end* *repeat*
*put* url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of
tSHAHex) into tList
*delete* char 1 to 3 of tList *-- delete the BOM*
*filter* tList with (char 6 to -1 of tSHAHex) & "*"
*set* the itemdel to ":"
*put* item 2 of tList into field "hits"
*end* mouseUp
I've written some code that uses the new v2 API. You send the first 5
characters of the SHA1 of your password and get a list back of matches.
You can then see if the rest of the hash is in the list and get the number
of times it appears on the list. "123123" appears 2048411 times for
example.
I'm sure that someone can tighten it up some, but just wanted to make
something in LiveCode that could use the API.
You can also download the full database of SHA1 values (8.75GB) if you
would want to use to provide a service. Links are in the article (he
prefers that you use a torrent).
Thanks,
Brian
More information about the use-livecode
mailing list