
univ-rennes2/pwned-passwords
============================

A PHP lib for the Pwned Passwords API

v1.0.2(3y ago)144LGPL-3.0-or-laterPHPPHP \*


[Source](https://github.com/DSI-Universite-Rennes2/php-pwned-passwords) | [Packagist](https://packagist.org/packages/univ-rennes2/pwned-passwords)


PHP Pwned Passwords
===================

A PHP library for the [Pwned Passwords](https://haveibeenpwned.com/Passwords) API from Troy Hunt's [Have I Been Pwned](https://haveibeenpwned.com/) project.

Its main feature compared to other libraries is that you can configure your [own API endpoint](https://github.com/tylerchr/pwnedpass) if you don't want to use HIBP's API.

Table of Contents
-----------------

- [What about security of the Pwned Password API?](#what-about-security-of-the-pwned-password-api-)
- [Install](#install)
- [Usage](#usage)
- [Contribute](#contribute)
- [License](#license)

What about security of the Pwned Password API?
----------------------------------------------

Testing real passwords against a remote API? What about security and privacy?

You don't send the password to the API: only the first 5 characters of the password's SHA-1 hash are sent to the API endpoint. This is an implementation of a mathematical property called [k-anonymity](https://en.wikipedia.org/wiki/K-anonymity).

Not enough for you? You can build your own API using [this Golang project](https://github.com/tylerchr/pwnedpass):

- to build an optimized binary file from [the official database files](https://haveibeenpwned.com/Passwords)
- to run an httpd handler that reproduces the HIBP Pwned Password API.

This PHP Pwned Passwords lib lets you change the API endpoint.

Read more about:

- [the internals of Troy Hunt's API](https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/)
- [validating leaked passwords with k-anonymity](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/)
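
The prefix-only lookup described in this section, as an added example that is not this library's code or API: it shows which part of the SHA-1 hash goes to the endpoint and that the match is decided locally. `splitHash()`, `pwnedCount()` and the `$fetchRange` callable are hypothetical names, and the range response is constructed so the block runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not the library's own code. splitHash(), pwnedCount() and
// the $fetchRange callable (5-char prefix -> response body) are hypothetical.

/** Split the uppercase SHA-1 hex digest into [prefix sent, suffix kept local]. */
function splitHash(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/** Breach count for $password, or 0 when its suffix is not in the range. */
function pwnedCount(string $password, callable $fetchRange): int
{
    [$prefix, $suffix] = splitHash($password);
    $body = $fetchRange($prefix); // only these 5 hex characters leave the host
    foreach (preg_split('/\r\n|\n/', trim($body)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2 || !ctype_digit($parts[1])) {
            continue; // skip blank or malformed lines
        }
        // The suffix comparison happens locally, on the 35 remaining characters.
        if (hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }
    return 0;
}

// Constructed range response for prefix 5BAA6; the counts are made up.
// The second line carries the SHA-1 suffix of the string "password".
$constructed = "1D72CD07550416C216D8AD296BF5C0AE8E0:10\r\n"
             . "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n"
             . "1E2AAA439972480CEC7F16C795BBB429372:7\r\n";

$sent = []; // everything that would have gone on the wire
$offline = function (string $prefix) use (&$sent, $constructed): string {
    $sent[] = $prefix;
    return $prefix === '5BAA6' ? $constructed : '';
};

var_dump(pwnedCount('password', $offline));                     // listed suffix
var_dump(pwnedCount('correct horse battery staple', $offline)); // not listed
var_dump($sent); // 5-character prefixes only, never the password or full hash
```

Against a live service the callable would issue an HTTPS GET for the prefix, either to HIBP's range endpoint (`https://api.pwnedpasswords.com/range/<prefix>`) or to a self-hosted instance that reproduces it.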

Install
-------

```
composer require univ-rennes2/pwned-passwords
```

Usage
-----

```
