Password Checker

Roger Eller roger.e.eller at sealedair.com
Fri Feb 23 08:51:56 EST 2018


There seems to be a missing handler, "messageDigest".

~Roger


On Thu, Feb 22, 2018 at 11:50 PM, Brian Milby via use-livecode <
use-livecode at lists.runrev.com> wrote:

> Read this interesting article about a half billion PW database of
> compromised passwords that I thought I'd share:
>
> *https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
> <https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/>*
>
> *on* mouseUp
>    *local* tSHAData, tSHAHex, tList
>    *put* messageDigest(the text of field "password", "SHA-1") into tSHAData
>    *repeat* for each byte tByte in tSHAData
>       *put* format("%02X",bytetonum(tByte)) after tSHAHex
>    *end* *repeat*
>    *put* url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of
> tSHAHex) into tList
>    *delete* char 1 to 3 of tList *-- delete the BOM*
>    *filter* tList with (char 6 to -1 of tSHAHex) & "*"
>    *set* the itemdel to ":"
>    *put* item 2 of tList into field "hits"
> *end* mouseUp
>
> I've written some code that uses the new v2 API.  You send the first 5
> characters of the SHA1 of your password and get a list back of matches.
> You can then see if the rest of the hash is in the list and get the number
> of times it appears on the list.  "123123" appears 2048411 times for
> example.
>
> I'm sure that someone can tighten it up some, but just wanted to make
> something in LiveCode that could use the API.
>
> You can also download the full database of SHA1 values (8.75GB) if you
> would want to use to provide a service.  Links are in the article (he
> prefers that you use a torrent).
>
> Thanks,
> Brian
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



More information about the Use-livecode mailing list