Have You Been Pwned: Update 2

Troy Hunt has updated the haveibeenpwned list of pwned passwords, which now contains a staggering 517 million compromise passwords (as SHA1 hashes).

I have downloaded Version 3 (ordered by hash) and tested it against my software on GitHub. It appears to still be working.

It is still open source, available under the MIT Licence. This means you can do pretty much what ever you want with it and make sure it isn’t doing anything nefarious with your passwords.


Do not enter passwords you use on the haveibeenpwned website or in the app while using the web API. If you don’t understand why, please consult your nearest smart friend.

I am tempted to add some code to allow you to save your hashes (as an encrypted file) so each time new passwords are added it will be easier to check your existing passwords.

Find the offline password searcher on GitHub here

More info and updates here. Hopefully I will do a user guide soon as well.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.