Orion checks for compromised passwords using Have I Been Pwned API

Table of Contents

Website https://andinus.nand.sh/orion/
Source https://git.tilde.institute/andinus/orion
GitHub (Mirror) https://github.com/andinus/orion




Initially it presented a simple prompt that accepted a password & it checked that password against HIBP database. Orion v0.2.0+ checks for compromised passwords in my password store. It builds a list of all the passwords in ~/.password-store & performs these operations on each file:

  • Password is hashed & split (prefix: [:5], suffix: [5:])
  • Prefix is sent to the HIBP API
  • HIBP API returns list of suffixes along with frequency
  • Orion looks for suffix from the list of suffixes

Match means the password is present in HIBP database & has been compromised.

  • Note: Password not present in database doesn't mean that it is a strong password.



If enabled, it prints a "." for every password entry it checks.


Orion v0.1.0 was a simple cli application that asked user for password & returned the results. I never used this because I don't generate password in head, pass is my password manager & it stores all my passwords.

Orion was ported from Go to Raku.

Andinus / / Modified: 2022-10-15 Sat 22:49 Emacs 27.2 (Org mode 9.4.4)