Interactive Demo
Click on the terminal and type a password to check. Press Enter to run the breach check. The tool simulates SHA-1 hashing, k-anonymity prefix lookup, and breach count results.
About this project
This command-line tool allows users to securely check whether their passwords have appeared in known data breaches without ever exposing the password itself. The tool uses SHA-1 hashing to compute the hash of the user's password, then leverages the k-anonymity model: only the first 5 characters of the 40-character hash are sent to the Have I Been Pwned API. The API returns all hash suffixes matching that prefix, and the tool performs a local comparison to determine if the full hash appears in the breached dataset.
This approach ensures that neither the user's actual password nor its complete hash is ever transmitted over the network, preserving privacy while still enabling breach detection. The k-anonymity technique guarantees that any given request is indistinguishable from a request for any of the hundreds of other possible passwords sharing the same hash prefix. The tool reports the number of times a password has been found in breaches, helping users make informed decisions about their credential hygiene.