Troy Hunt recently released over 300 million SHA1 hashes of passwords that his Have I Been Pwned website has been collecting. The site allows you to search the database to see if your passwords are included in those from many data dumps and breaches. However, putting a valid password into a third-party website, even one that’s claiming to do good things (and I’m sure it is), is a bad idea. The roughly 6GB of downloads allow you to search the cache of passwords yourself, on your own machine, which is much safer.
Loading these files into an editor to use the search function is not going to be easy though, so I wrote a script to search the file piece by piece.
At the moment there are three files, and I concatenated them using the Windows copy command and the /b switch:
copy /b file1.txt+file2.txt+file3.txt output.txt
How it works
This PowerShell script takes two parameters: The path to the password file, and the password to search for. It converts the password into a SHA1 hash, and then searches the file looking for that hash. It’s not fast, but does give you a very rough progress bar. Use an SSD, a fast processor (with turbo capability) and if you’re going to do multiple searches, more RAM than the size of the hashes text file plus plenty of room for your OS (Windows will cache the entire file in RAM if it can). The script reports if it’s found the hash of your password or not – you can test it with a password like qwerty or 123456 just to check as these are both in there.
Usage
Save the file, and specify the parameters on the command line:
.\SearchPwned.ps1 -PassFile C:\users\me\documents\pwned-passwords.txt -Password "MySecretPassword"
Script
param(
    [Parameter(Mandatory=$true)][string]$PassFile,
    [Parameter(Mandatory=$true)][string]$Password
)

# Convert the password to a lower-case hex SHA1 hash
$StringBuilder = New-Object System.Text.StringBuilder
[System.Security.Cryptography.HashAlgorithm]::Create("SHA1").ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Password)) | foreach{
    [Void]$StringBuilder.Append($_.ToString("x2"))
}
$Hash = $StringBuilder.ToString()
Write-Host "Searching for $Hash" -ForegroundColor Gray

# Do some rough maths to give an idea of progress
$FileSize = (Get-ChildItem -Path $PassFile).Length
$HashSize = $Hash.Length
$ChunkSize = 2000
$ChunkLength = $HashSize * $ChunkSize
$ChunkLengthRead = 0
$Found = $false

# Read the file $ChunkSize lines at a time; -match is case-insensitive
Get-Content -Path $PassFile -ReadCount $ChunkSize | foreach{
    $ChunkLengthRead = $ChunkLengthRead + $ChunkLength
    # Clamp the estimate so Write-Progress never receives more than 100
    Write-Progress -Activity "Searching" -PercentComplete ([Math]::Min(100, $ChunkLengthRead/$FileSize*100))
    if($_ -match $Hash){
        $Found = $true
        # return only ends this chunk's script block; the remaining chunks are still read
        return
    }
}
Write-Progress -Activity "Searching" -Completed

if($Found){
    Write-Host "Found" -ForegroundColor Red
}else{
    Write-Host "Not Found" -ForegroundColor Green
}
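A variant of the same local search, added here as an example and not part of the original script: it prompts for the password instead of taking it as an argument (PSReadLine saves typed command lines, including a -Password value, to its history file) and stops reading at the first match. The function names Get-Sha1Hex, Test-HashInFile and Search-PwnedFile are hypothetical, and the code assumes each line of the file begins with the 40-character hash.

```powershell
# Added example, not the original author's code. All function names are hypothetical.
function Get-Sha1Hex {
    param([Parameter(Mandatory=$true)][string]$Text)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
    } finally {
        $sha1.Dispose()
    }
    # BitConverter yields "AA-BB-..."; strip the dashes to get 40 hex characters
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-HashInFile {
    param(
        [Parameter(Mandatory=$true)][string]$PassFile,
        [Parameter(Mandatory=$true)][string]$Hash
    )
    $path = (Resolve-Path -LiteralPath $PassFile).ProviderPath
    $reader = New-Object System.IO.StreamReader($path)
    try {
        # Stream one line at a time so memory use stays flat regardless of file size
        while ($null -ne ($line = $reader.ReadLine())) {
            # Assumption: the hash is at the start of the line; compare without regard to case
            if ($line.StartsWith($Hash, [System.StringComparison]::OrdinalIgnoreCase)) {
                return $true   # first hit is enough, stop reading
            }
        }
        return $false
    } finally {
        $reader.Dispose()
    }
}

function Search-PwnedFile {
    param([Parameter(Mandatory=$true)][string]$PassFile)
    # Read-Host -AsSecureString keeps the password off the command line and out of history
    $secure = Read-Host -Prompt 'Password to check' -AsSecureString
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        $plain = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    } finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
    $hash = Get-Sha1Hex -Text $plain
    if (Test-HashInFile -PassFile $PassFile -Hash $hash) { 'Found' } else { 'Not Found' }
}
# Usage: Search-PwnedFile -PassFile C:\users\me\documents\pwned-passwords.txt
```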
This worked great a couple years ago when I last tried it but today I’m getting:
C:\pwned\SearchPwned.ps1 : A positional parameter cannot be found that accepts argument ‘C:\pwned\pwned-passwords.txt’.
At line:1 char:1
+ .\SearchPwned.ps1 -PassFile = C:\pwned\pwned-passwords.txt -Password …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [SearchPwned.ps1], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,SearchPwned.ps1
Lose the equals sign when you call the script. I need to edit the post to remove it but can’t on my phone :-)