J. Landman Gay
jacque at hyperactivesw.com
Sat Feb 24 16:17:08 EST 2018
I just got around to trying this -- *very* useful, thanks for posting it.
There are no matches for any of my passwords I've tried so far. :) On
the other hand, even "AbrahamLincoln" has 128 matches. And you have to
insert commas to read the number returned for "qwerty".
On 2/22/18 10:50 PM, Brian Milby via use-livecode wrote:
> Read this interesting article about a half billion PW database of
> compromised passwords that I thought I'd share:
> *on* mouseUp
> *local* tSHAData, tSHAHex, tList
> *put* messageDigest(the text of field "password", "SHA-1") into tSHAData
> *repeat* for each byte tByte in tSHAData
> *put* format("%02X",bytetonum(tByte)) after tSHAHex
> *end* *repeat*
> *put* url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of
> tSHAHex) into tList
> *delete* char 1 to 3 of tList *-- delete the BOM*
> *filter* tList with (char 6 to -1 of tSHAHex) & "*"
> *set* the itemdel to ":"
> *put* item 2 of tList into field "hits"
> *end* mouseUp
> I've written some code that uses the new v2 API. You send the first 5
> characters of the SHA1 of your password and get a list back of matches.
> You can then see if the rest of the hash is in the list and get the number
> of times it appears on the list. "123123" appears 2048411 times for
> I'm sure that someone can tighten it up some, but just wanted to make
> something in LiveCode that could use the API.
> You can also download the full database of SHA1 values (8.75GB) if you
> would want to use to provide a service. Links are in the article (he
> prefers that you use a torrent).
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
More information about the Use-livecode