
Checking myself in HIBP

1 Motivation

I recently looked up my email in HIBP's database. Turns out my email had been hit in a few leaks over the past couple years. The natural next step was to check for my password in their database.

2 Checking my credentials

They suggest downloading their password database using their .net tool. However, I couldn't be bothered to learn their tool. There's another tool that serves the same function here. In case that goes private or is deleted, I made a fork here.

Running this tool (./script.py) will download a 40GB text file of hash_suffix:num_occurrences lines. If I want to check my password, I need to generate a SHA-1 hash. There are a bunch of tools to do this (sha1sum, openssl, etc.), but I used rhash. The following will do the trick:

    rg -i $(echo -n "$MY_PASSWORD" | rhash --sha1 --simple - | awk '{print $1}' | cut -c 6-) hashed_passwords.txt

The inner command will output a hash, but we only care about the last 35 characters (the first 5 are used in the lookup and then dropped), which is the reason for the cut invocation.
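As an added example (my own code, not the author's script or HIBP's tooling), the same check in Python: split the SHA-1 the way cut -c 6- does, then sum the occurrence counts of matching entries. It assumes the hash_suffix:num_occurrences format described above and also accepts full-hash lines; the sample entries and their counts are constructed.

```python
import hashlib
import sys
from getpass import getpass
from typing import Iterable, Tuple

# Constructed sample of the downloaded file, one hash_suffix:num_occurrences
# entry per line. The hashes are the real SHA-1 of "password" (suffix-only
# entry) and of "123456" (full-hash entry); the counts are made up.
SAMPLE_LINES = [
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
    "00000000000000000000000000000000000:1",
    "7C4A8D09CA3762AF61E59520943DC26494F8941B:23547453",
]

def split_sha1(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix) of the uppercase hex SHA-1 of password.
    The 5-char prefix is what a range lookup sends; the 35-char suffix is
    what gets compared against the file (the same split as cut -c 6-)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def occurrences(password: str, lines: Iterable[str]) -> int:
    """Sum the occurrence counts of password over lines of HASH:COUNT.
    Suffix-only entries (35 hex chars) match on the suffix alone; full-hash
    entries (40 hex chars) must also match the prefix the suffix file dropped."""
    prefix, suffix = split_sha1(password)
    total = 0
    for raw in lines:
        line = raw.strip()
        if not line or ":" not in line:
            continue
        digest, _, count = line.partition(":")
        digest = digest.upper()
        if len(digest) == 40:
            matched = digest == prefix + suffix
        elif len(digest) == 35:
            matched = digest == suffix
        else:
            continue  # unrecognised entry: skip rather than guess
        if matched and count.isdigit():
            total += int(count)
    return total

if __name__ == "__main__":
    # getpass keeps the password out of shell history and argv, unlike echo -n.
    path = sys.argv[1] if len(sys.argv) > 1 else "hashed_passwords.txt"
    with open(path, encoding="ascii", errors="ignore") as fh:  # stream the 40GB file
        print(occurrences(getpass("Password to check: "), fh))
```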