- Jan 8, 2011
GitHub: GitHub - mihaifm/HIBPOfflineCheck: Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords
It can perform both offline and online checks against the password breach list for any selected password entry.
Double click the plugin column to get an instant status check, or use the right click menu to perform the same check for all selected passwords.
Have I been pwned? is an excellent tool for checking leaked passwords. While it does provide an API for securely checking the passwords online, some bits of a hashed password still need to be sent to the service when performing this type of check.
This plugin offers the alternative of an offline check, by using the downloadable file provided by Have I been pwned.
Online check mode is also provided as an option, being implemented using the k-anonimity model required by the HIBP public API.
The plugin adds a new column to KeePass. When double-clicking the column for a specific entry, the SHA1 hash is calculated for the password, which is then searched in the file. A status will be displayed on the column for that specific password.