summary refs log tree commit diff stats
path: root/README.org
blob: 33a1c84810c246c3626cb8971e5318979ef43647 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#+HTML_HEAD: <link rel="stylesheet" href="../static/style.css">
#+HTML_HEAD: <link rel="icon" href="../static/orion/favicon.png" type="image/png">
#+EXPORT_FILE_NAME: index
#+TITLE: Orion

Orion is a simple program to check for compromised passwords using Have I
Been Pwned API.

| Project Home    | [[https://andinus.nand.sh/orion/][Orion]]           |
| Source Code     | [[https://git.tilde.institute/andinus/orion][Andinus / Orion]] |
| GitHub (Mirror) | [[https://github.com/andinus/orion][Orion - GitHub]]  |

* Demo
| Demo Video   |
|--------------|
| [[https://diode.zone/videos/watch/ffd4021d-2b39-4e6a-993e-3eacf9323320][Orion v0.1.0]] |
* Working
- Password is hashed & split (prefix: [:5], suffix: [5:])
- Prefix is sent to the HIBP API
- HIBP API returns list of suffixes along with frequency
- Orion looks for suffix from the list of suffixes

Match means the password is present in HIBP database & has been compromised.

*Note*: Password not present in database doesn't mean that it is a strong
 password.
* History
Orion v0.1.0 was a simple cli application that asked user for password &
returned the results. I almost never used this because I don't generate password
in head, =pass= is my password manager & it stores all my passwords. So, the next
version will check all my passwords from password store & return the results.