Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PWNED-CHECK(1)		FreeBSD	General	Commands Manual		PWNED-CHECK(1)

     pwned-check -- Check word against list of known stolen passwords.

     pwned-check [-u]

     The pwned-check utility checks the	passwords piped	in via standard	input
     (one per line) against a huge database of passwords that are known	to
     have been stolen in data breaches.

     SHA1 hashes of these passwords have been published	at

     If	any of the checked passwords is	found in the database, it is printed
     on	standard output	and the	exit status of pwned-check is set to 1.	 No
     output is generated for passwords not found in the	database.

     The database can be downloaded to a local directory or it can be queried
     by	a method that does not make the	hash queried known to the remote
     server.  The remote query is performed if the pawned password database
     has not been fetched and stored on	the local system.  While the remote
     accesses are not as fast as a local lookup, they will query an always up-
     to-date database and allow	to avoid the download and storage of this huge

     Instead of	plain passwords, SHA1 hashes of	passwords may be supplied.
     Matches will be reported, but there is no provision to report the plain
     text password corresponding to a given SHA1 hash.

     If	the option -u is used, the password hash database is downloaded	and
     initialized.  This	process	will temporarily require some 18 GB of free
     space in the database directory, which is /var/db/pwned-check by default.
     This location can be changed in the configuration file, prior to starting
     the download.

     /usr/local/etc/pwned-check.conf  Optional configuration file.

     /var/db/pwned-check	      Default location of pwned	password hash
				      database.	 Needs 18 GB of	free space
				      during download, 13 GB when finished.

     pwned-check returns 0 if none of the passwords to check have been found
     in	the pwned password database, else 1.

     If	the -u option is used to download the pwned password hashes, an	exit
     code of 0 indicates success, 1 failure to fetch and initialize the	data-

     Download the pwned	password hash files:

	   pwned-check -u

     Check passwords passed on standard	input against pwned password database:

	   echo	badpasswd | pwned-check

FreeBSD	13.0		       October 23, 2017			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help