Check a password hash (SHA-1) against a list of hashes of known breached passwords downloaded from the haveibeenpwned database using the easypwned downloader.
Service meta data is available at GET /.
The service provides a GET endpoint:
/:hashWhere :hash is a hex-encoded SHA-1 hash of the password to check; the reply is a JSON number 1 if the password hash was found in the database otherwise 0.
To check a batch of SHA-1 hashes send a POST request to / with a JSON array of hex-encoded strings.
The response will be a JSON array of equal length to the input with a 1 if the hash was found and 0 otherwise.
Run the scripts/download.sh script to install the downloader, download the database and create the bloom filter.
Run the scripts/upload.sh script to copy the bloom filter and meta data files to S3.
If you have already downloaded the database then using -f Dockerfile-local will be faster as it won't download the bloom filter data from S3.
docker build . --tag hashcheckdocker run -it --rm --name hashcheck -p 3342:3342 hashcheckTag and push to run the workflow that deploys the container to ECR:
git tag v1.0.0
git push origin v1.0.0Deploy to the container registry.
Create a login password for the container registry:
AWS_PROFILE=sos-containers aws ecr-public get-login-password \
--region us-east-1 | docker login \
--username AWS --password-stdin public.ecr.aws/s2y4a9f8For MacOS with ARM chips build for the correct deployment architecture and push:
docker buildx build --platform=linux/amd64 --push -t public.ecr.aws/s2y4a9f8/hashcheck:latest .Build the image:
docker build . --tag hashcheckTag the image:
docker tag hashcheck:latest public.ecr.aws/s2y4a9f8/hashcheck:latestPush the image to the registry:
docker push public.ecr.aws/s2y4a9f8/hashcheck:latest© Copyright Save Our Secrets Pte Ltd 2022; all rights reserved.