Check the Have I Been Pwned database for KeePass passwords... locally

Please note: locally means offline!

Originally Posted by ghacks.net

Check all KeePass passwords against the Have I Been Pwned database locally

KeePass users can do the same, but locally. Here is what is needed for that:

You need a copy of KeePass - https://keepass.info/
Download the latest version of the KeePass plugin HIBP Offline Check - https://github.com/mihaifm/HIBPOfflineCheck
KeePass supports lots of plugins that may improve security and other functionality - (see) https://www.ghacks.net/2012/04/08/keepass-plugins-that-improve-the-password-managers-functionality/
Download the latest SHA-1 (ordered by hash) password database file from Have I Been Pwned - (site) https://haveibeenpwned.com/Passwords

Place the plugin file in the KeePass plugin folder. The plugin is open source and you may build it from scratch and vet it if you have the skills.

Installed copies of KeePass are found under C:\Program Files (x86)\KeePass by default.

Extract the password database file and place it somewhere on the system. Note that it has a size of 23 Gigabytes in plain text format right now; the download has a size of roughly 9 Gigabytes.

Start the KeePass password manager afterward and select Tools > HIBP Offline Check in the program's interface. Click on Browse and select the password database file that you extracted to the system.

You may change other parameters, e.g. the column name in KeePass or the text that is displayed for secure and insecure passwords.

Last but not least, select View > Configure Columns, and activate the Have I Been Pwned column to display the findings of the check in the interface.
Checking KeePass passwords against the Have I Been Pwned database

You have multiple options to check passwords against the database file.

- Double-click on the password field of any entry to check it.
- Select multiple items, right-click on the selection and pick Selected Entries > Have I Been Pwned database.

The plugin checks any updated password against the database automatically. The plugin checks the password's hash against the hash database to determine if it has been leaked.

A hit does not necessarily mean that the password is known to third parties, as it depends on the password's strength and the capabilities of the third party to decrypt it.

Note: this is for KeePass for Windows, not Linux.

I'm looking into whether something similar exists for KeePassX on Linux.

Links:
ghacks page - https://www.ghacks.net/2019/01/18/c...-the-have-i-been-pwned-database-locally/

KeePass - https://keepass.info/

HIBP Offline Check - https://github.com/mihaifm/HIBPOfflineCheck

Have I Been Pwned - (site) https://haveibeenpwned.com/Passwords
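The check the plugin performs, as the quoted article describes it, comes down to hashing a password with SHA-1 and looking the hash up in the "ordered by hash" file. The Python script below is an added example, not the plugin's code or anything from the ghacks article, that does the same lookup with a binary search by byte offset, so the multi-gigabyte file is never read into memory. It assumes the download's line format of an uppercase hex SHA-1, a colon and an occurrence count, and it builds a tiny constructed sample file in that format for demonstration; the counts and "leaked" passwords in SAMPLE_LEAK are made up. Being plain Python, it runs the same way on Linux as on Windows.

```python
import hashlib
import os
import tempfile

# Constructed sample "leak": password -> times seen. Made-up data, not real HIBP counts.
SAMPLE_LEAK = {
    "password": 120,
    "123456": 300,
    "qwerty": 45,
    "letmein": 7,
}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password: the key the HIBP file is sorted by."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def write_sample_db(path: str, leak: dict) -> None:
    """Write a small HIBP-style file: 'HASH:COUNT' lines, CRLF, sorted by hash."""
    lines = sorted(f"{sha1_hex(pw)}:{count}" for pw, count in leak.items())
    with open(path, "w", newline="") as fh:  # newline="" keeps the CRLF intact
        fh.write("\r\n".join(lines) + "\r\n")


def pwned_count(db_path: str, password: str) -> int:
    """Binary-search the ordered-by-hash file by byte offset. Returns 0 if absent.

    Invariant: if the hash is present, its line starts somewhere in [lo, hi).
    Hashes are uppercase hex of fixed width, so byte order equals hash order.
    """
    target = sha1_hex(password).encode("ascii")
    with open(db_path, "rb") as fh:
        lo, hi = 0, os.fstat(fh.fileno()).st_size
        while lo < hi:
            mid = (lo + hi) // 2
            if mid == 0:
                fh.seek(0)
            else:
                fh.seek(mid - 1)
                fh.readline()          # finish the line containing byte mid-1
            line = fh.readline()       # first complete line starting at or after mid
            if not line:               # ran off the end: any match starts before mid
                hi = mid
                continue
            digest, _, count = line.rstrip(b"\r\n").partition(b":")
            if digest == target:
                return int(count)
            if digest < target:
                lo = fh.tell()         # match can only start after this line
            else:
                hi = mid               # match can only start before mid
    return 0


def audit(db_path: str, passwords) -> dict:
    """Check several passwords at once; returns {password: count}, like the plugin's column."""
    return {pw: pwned_count(db_path, pw) for pw in passwords}


def demo(passwords=None) -> dict:
    """Build the constructed sample file in a temp dir and audit the given passwords."""
    if passwords is None:
        passwords = ["password", "letmein", "correct horse battery staple"]
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "pwned-passwords-sha1-ordered-by-hash-sample.txt")
        write_sample_db(db, SAMPLE_LEAK)
        return audit(db, passwords)


if __name__ == "__main__":
    # Point pwned_count() at the real extracted download to check your own entries offline.
    for pw, count in demo().items():
        verdict = f"seen {count} times" if count else "not in database"
        print(f"{pw!r}: {verdict}")
```

Against the real file, replace the sample path with the extracted download; nothing about the password leaves the machine, which is the whole point of the offline check.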