summary refs log tree commit diff stats
path: root/README.org
blob: 3e3c931454372698d12a95d4d7c97dc4eafb2a9b (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#+HTML_HEAD: <link rel="stylesheet" href="../../static/style.css">
#+HTML_HEAD: <link rel="icon" href="../../static/projects/orion/favicon.png" type="image/png">
#+EXPORT_FILE_NAME: index
#+TITLE: Orion

Orion is a simple cli client to check for compromised passwords using Have I
Been Pwned API.

*Note*: Your password is not sent anywhere, only the first 5 characters of the
SHA-1 hash of the input is sent to HIBP API.

*Note*: Padding is currently not supported by Orion.

* Working
- Orion takes input from the user
- Input is hashed & split (prefix: [:5], suffix: [5:])
- Prefix is sent to the HIBP API
- HIBP API returns list of suffixes along with frequency
- Orion looks for suffix from the list of suffixes

Match means the password is present in HIBP database & has been compromised.