Simple javascript library to check if user password was leaked in the past
For security reasons, the comparison takes place only in the user's browser without sending any data.
Except 6 char long sha1 hash prefix for have i been pwned api if enabled
You can check user's password in three modes:
- HIBP - use haveibeenpwned.com api to check if password exists in leaked databases
- Most Common - 100.000 most common passwords dictionary
- Last Chaos
var settings = {
'mode': {
'hibp': true,
'mostcommon': true,
'lastchaos': true
},
'hibp-api': 'https://api.pwnedpasswords.com/range/', // have i been pwned api url
'data-dir': './data/' // password dictionaries location
};
var test = await chaosleak(settings, "password123");