Check a password hash (SHA-1) against a list of hashes of known breached passwords downloaded from the haveibeenpwned database using the easypwned downloader.
Service meta data is available at GET /
.
The service provides a GET endpoint:
/:hash
Where :hash
is a hex-encoded SHA-1 hash of the password to check; the reply is a JSON number 1
if the password hash was found in the database otherwise 0
.
To check a batch of SHA-1 hashes send a POST request to /
with a JSON array of hex-encoded strings.
The response will be a JSON array of equal length to the input with a 1
if the hash was found and 0
otherwise.
Run the scripts/download.sh
script to install the downloader, download the database and create the bloom filter.
Run the scripts/upload.sh
script to copy the bloom filter and meta data files to S3.
If you have already downloaded the database then using -f Dockerfile-local
will be faster as it won't download the bloom filter data from S3.
docker build . --tag hashcheck
docker run -it --rm --name hashcheck -p 3342:3342 hashcheck
Tag and push to run the workflow that deploys the container to ECR:
git tag v1.0.0
git push origin v1.0.0
Deploy to the container registry.
Create a login password for the container registry:
AWS_PROFILE=sos-containers aws ecr-public get-login-password \
--region us-east-1 | docker login \
--username AWS --password-stdin public.ecr.aws/s2y4a9f8
For MacOS with ARM chips build for the correct deployment architecture and push:
docker buildx build --platform=linux/amd64 --push -t public.ecr.aws/s2y4a9f8/hashcheck:latest .
Build the image:
docker build . --tag hashcheck
Tag the image:
docker tag hashcheck:latest public.ecr.aws/s2y4a9f8/hashcheck:latest
Push the image to the registry:
docker push public.ecr.aws/s2y4a9f8/hashcheck:latest
© Copyright Save Our Secrets Pte Ltd 2022; all rights reserved.