[PATCH] Add command 'check' to check passwords against HIBP

Steve Gilberd steve at erayd.net
Fri Jan 18 11:49:03 CET 2019

Properly generated passwords are significantly rarer than other types
though, because it's much harder to crack the hashes for them. So in the
case of non-plaintext breaches, you'll see far fewer.


On Fri, 18 Jan 2019, 22:14 Tristan Miller, <psychonaut at nothingisreal.com>

> Greetings.
> On Thu, 17 Jan 2019 14:48:04 -0800, Pass Word
> <passwordstore at 89vx.net> wrote:
> > Someone asked on irc today for an option to check passwords against
> > the Have I Been Pwned website to see if they are already
> > compromised.  It is probably extremely rare for a password generated
> > with pass to already be on there but whatever, it is still somewhat
> > useful to check other passwords you might have stored in pass.
> I wouldn't say that finding a pass-generated password listed on Have I
> Been Pwned is "extremely rare" -- the breaches recorded there
> come from websites that stored passwords insecurely (such as in
> plaintext). So no matter how secure a password you chose for such a
> website, it will still be catalogued on HIBP.
> I do generate all my passwords randomly, and use a unique password on
> each site.  Still, it's important for me to know if any of these are
> compromised so that I can change the password on the affected site.
> Thanks to the other posters in this thread for sharing the tools they
> use to mass-check the password store against HIBP in a secure way.
> Regards,
> Tristan
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>                   Tristan Miller
> Free Software developer, ferret herder, logologist
>              https://logological.org/
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store


*Steve Gilberd*
Erayd LTD *·* Consultant
*Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
*PO Box 10019, The Terrace, Wellington 6143, NZ*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20190118/eaa42a1d/attachment.html>

More information about the Password-Store mailing list