summary refs log blame commit diff stats
path: root/README.org
blob: 532bfb9cb3eabe89f4b9249f38654a082464e952 (plain) (tree)
1
2
3
4
5
6
7
8

                                                                                  


                         
                                                                         

               


                                                                                                                 


                                                                              
      


                                                                                          
         
                                                         




                                                                            


                                                                         
#+HTML_HEAD: <link rel="stylesheet" href="../static/style.css">
#+HTML_HEAD: <link rel="icon" href="../static/orion/favicon.png" type="image/png">
#+EXPORT_FILE_NAME: index
#+TITLE: Orion

Orion is a simple program to check for compromised passwords using Have I
Been Pwned API.

Currently it only supports [[https://www.passwordstore.org][pass]], other password managers maybe be supported in
the future.

*Note*: Your password is not sent anywhere, only the first 5 characters of the
SHA-1 hash of the input is sent to HIBP API.

* Demo
| Demo Video   |
|--------------|
| [[https://diode.zone/videos/watch/ffd4021d-2b39-4e6a-993e-3eacf9323320][Orion v0.1.0]] |
* Working
- Password is hashed & split (prefix: [:5], suffix: [5:])
- Prefix is sent to the HIBP API
- HIBP API returns list of suffixes along with frequency
- Orion looks for suffix from the list of suffixes

Match means the password is present in HIBP database & has been compromised.

*Note*: Password not present in database doesn't mean that it is a strong
 password.