Skip to content
HIBP for LastPass
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
lastpwn.py

README.md

LastPwn ';-- have my LastPass passwords been pwned?

You can check single passwords using haveibeenpwned.com's web interface or its awesome REST API

But how can you check all my LastPass passwords against HIBP? There is this tool which works pretty well but it won't work for those of us who are paranoid and don't like the idea of revealing even 5 hex digits of their precious password hashes.

So can you do it offline? Yes. Download the pwned passwords list (make sure to get SHA1 one ordered by hash), unpack the file, and grep through it run this tool.

If you are on Linux, create a directory in /dev/shm to store LastPass exported CSV file in RAM rather than on the disk:

mkdir /dev/shm/pws

Go to LastPass → Account Options → Advanced → Export → LastPass CSV File and save it as e.g. /dev/shm/pws/lastpass.csv

And then:

python3 lastpwn.py /dev/shm/pws/lastpass.csv <path-to>/pwned-passwords-sha1-ordered-by-hash-v4.txt

Performance

Since the program is comparing two ordered lists, the processing takes virtually the same amount of time whether you have 10 passwords or 1 million passwords in the CSV file.

You can’t perform that action at this time.