LastPwn ';-- have my LastPass passwords been pwned?
But how can you check all my LastPass passwords against HIBP? There is this tool which works pretty well but it won't work for those of us who are paranoid and don't like the idea of revealing even 5 hex digits of their precious password hashes.
So can you do it offline? Yes. Download the pwned passwords list (make sure to get SHA1 one ordered by hash), unpack the file, and
grep through it run this tool.
The LastPass exported CSV file contains your plaintext passwords. For security, download it to RAM rather than disk.
If you are on Linux, create a directory in /dev/shm:
If you are on Mac, create a RAM disk:
diskutil erasevolume HFS+ "pws" `hdiutil attach -nomount ram://2048`
Go to LastPass → Account Options → Advanced → Export → LastPass CSV File and save it as e.g.
python3 lastpwn.py /dev/shm/pws/lastpass.csv <path-to>/pwned-passwords-sha1-ordered-by-hash-v4.txt
Since the program is comparing two ordered lists, the processing takes virtually the same amount of time whether you have 10 passwords or 1 million passwords in the CSV file.