top | item 45840724

(no title)

You can check against the API with just the first characters of your hashed password (SHA-1 or NTLM), for example: https://api.pwnedpasswords.com/range/21BD1 or you can download the entire dataset.

discuss

ekjhgkejhgk|3 months ago

How can you download the entire dataset?

windsurfer|3 months ago

You can download the entire dataset using curl (will be 40+ GB)

    curl -s --retry 10 --retry-all-errors --remote-name-all --parallel --parallel-max 150 "https://api.pwnedpasswords.com/range/{0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F}{0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F}{0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F}{0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F}{0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F}"

MattSteelblade|3 months ago

Several open source tools can be found on GitHub, but here’s the “official” one https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader

zahlman|3 months ago

Second line I already notice:

> 000F6468C6E4D09C0C239A4C2769501B3DD:5894

... Does the 5894 mean what I think it does?

red369|3 months ago

I remember when I was searching the file for some passwords my friends and family use, it took me a while to work out that number too. There are some passwords that many people seem to independently come up with and think must be reasonably secure. I suppose they are to the most basic of attacks.

esnard|3 months ago

5894 means that the password appeared 5894 times in the dataset.

5894 is not the password associated with the hash.