{ "info": { "author": "Dan Loewenherz", "author_email": "dan@lionheartsw.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Natural Language :: English", "Operating System :: MacOS :: MacOS X", "Operating System :: OS Independent", "Operating System :: Unix", "Programming Language :: Python", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Topic :: Internet :: WWW/HTTP :: Dynamic Content :: CGI Tools/Libraries", "Topic :: Software Development :: Libraries", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Utilities" ], "description": "|image0| |image1|\n\n|Version| |Python Versions|\n\n``django-pwnedpasswords-validator`` is a Django password validator that\nchecks if a user-provided password exists in a data breach using the\n`Pwned Passwords v2\nAPI `_. All provided\npassword data is\n`k-anonymized `_ before\nbeing sent to the API, so plaintext passwords never leave your server.\n\nFrom https://haveibeenpwned.com/API/v2#PwnedPasswords:\n\n Pwned Passwords are more than half a billion passwords which have\n previously been exposed in data breaches. The service is detailed in\n the `launch blog\n post `_\n then `further expanded on with the release of version\n 2 `_.\n The entire data set is `both downloadable and searchable online via\n the Pwned Passwords page `_.\n\nInstallation\n------------\n\ndjango-pwnedpasswords-validator is available for download through\n`PyPi `_.\nYou can install it right away using pip.\n\n.. code:: bash\n\n pip install django-pwnedpasswords-validator\n\nThen, add django-pwnedpasswords-validator to your ``INSTALLED_APPS``:\n\n.. code:: python\n\n INSTALLED_APPS = (\n ...\n 'django_pwnedpasswords_validator'\n )\n\nFinally, add django-pwnedpasswords-validator to\n``AUTH_PASSWORD_VALIDATORS``:\n\n.. code:: python\n\n AUTH_PASSWORD_VALIDATORS = [\n ...\n {\n 'NAME': \"django_pwnedpasswords_validator.validation.PwnedPasswordValidator\"\n }\n ]\n\nIf you\u2019d like to customize the error message (the default is *\u201cThis\npassword has previously appeared in a data breach and should not be\nused.\u201d*), you can pass in an alternate in the ``OPTIONS`` parameter for\nthe validator.\n\n.. code:: python\n\n AUTH_PASSWORD_VALIDATORS = [\n ...\n {\n 'NAME': \"django_pwnedpasswords_validator.validation.PwnedPasswordValidator\",\n 'OPTIONS': {\n 'error_text': \"Your password was found in a data breach.\",\n }\n }\n ]\n\nSecurity Note\n^^^^^^^^^^^^^\n\nNo plaintext passwords ever leave your server using\ndjango-pwnedpasswords-validator.\n\nHow does that work? Well, the Pwned Passwords v2 API has a pretty cool\n`k-anonymity `_\nimplementation.\n\nFrom\nhttps://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/:\n\n Formally, a data set can be said to hold the property of\n k-anonymity, if for every record in a released table, there are k \u2212\n 1 other records identical to it.\n\nThis allows us to only provide the first 5 characters of the SHA-1 hash\nof the password in question. The API then responds with a list of SHA-1\nhash suffixes with that prefix. On average, that list contains 478\nresults.\n\nPeople smarter than I am have used\n`math `_\nto prove that 5-character prefixes are sufficient to maintain\nk-anonymity for this database.\n\nIn short: your plaintext passwords are protected if you use this\nlibrary. You won\u2019t leak any enough data to identity which passwords\nyou\u2019re searching for.\n\nThanks\n------\n\nSpecial thanks to `Troy Hunt `_ for\ncollecting this data and providing this service.\n\nAuthors\n-------\n\n`Dan Loewenherz `_\n\nSee also\n--------\n\n`pwnedpasswords `_, a\ncommand-line utility and Python library for the Pwned Passwords v2 API.\n\nLicense\n-------\n\nApache License, Version 2.0. See `LICENSE `_ for details.\n\n.. |image0| image:: meta/repo-banner-2.png\n.. |image1| image:: meta/repo-banner-bottom.png\n :target: https://github.com/lionheart/django-pwnedpasswords-validator/blob/master/https://lionheartsw.com/\n.. |Version| image:: https://img.shields.io/pypi/v/django-pwnedpasswords-validator.svg?style=flat\n :target: https://github.com/lionheart/django-pwnedpasswords-validator/blob/master/https://pypi.python.org/pypi/django-pwnedpasswords-validator\n.. |Python Versions| image:: https://img.shields.io/pypi/pyversions/django-pwnedpasswords-validator.svg?style=flat\n :target: https://github.com/lionheart/django-pwnedpasswords-validator/blob/master/https://pypi.python.org/pypi/django-pwnedpasswords-validator\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "https://github.com/lionheart/django-pwnedpasswords-validator/tarball/1.0.1", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/lionheart/django-pwnedpasswords-validator", "keywords": "passwords security", "license": "Apache 2.0", "maintainer": "", "maintainer_email": "", "name": "django-pwnedpasswords-validator", "package_url": "https://pypi.org/project/django-pwnedpasswords-validator/", "platform": "", "project_url": "https://pypi.org/project/django-pwnedpasswords-validator/", "project_urls": { "Download": "https://github.com/lionheart/django-pwnedpasswords-validator/tarball/1.0.1", "Homepage": "https://github.com/lionheart/django-pwnedpasswords-validator" }, "release_url": "https://pypi.org/project/django-pwnedpasswords-validator/1.0.1/", "requires_dist": [ "pwnedpasswords" ], "requires_python": "", "summary": "A Django app that validates user passwords against the Pwned Passwords v2 API.", "version": "1.0.1" }, "last_serial": 4289783, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "fc9c1a8c53924d10b17602bd984cc901", "sha256": "472f8da9bef5ed5c1591e57aface182c428d71e88ccf80f77ba0200264023609" }, "downloads": -1, "filename": "django_pwnedpasswords_validator-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "fc9c1a8c53924d10b17602bd984cc901", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8154, "upload_time": "2018-02-24T16:00:42", "url": "https://files.pythonhosted.org/packages/bb/b5/4cbbf1e0553e55825dd8389b5f18996cae17839d0836366e8cf6eaf75536/django_pwnedpasswords_validator-0.1.0-py2.py3-none-any.whl" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "86b78eb525eec8ade7b2958a4e90d3bb", "sha256": "390bb538e71d62bdd2f19559d61a420c60afadde914b7410c17dc637b178b4bf" }, "downloads": -1, "filename": "django_pwnedpasswords_validator-0.1.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "86b78eb525eec8ade7b2958a4e90d3bb", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8492, "upload_time": "2018-02-24T16:02:48", "url": "https://files.pythonhosted.org/packages/01/f7/5a6e71b8de62cd22078c385191f5689d5c59988cabca2b254a70acac1d02/django_pwnedpasswords_validator-0.1.1-py2.py3-none-any.whl" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "9c66935422a823ac3c14557f9214eda5", "sha256": "48199ebc2eef06cdf150ff6850cca133dba2dba784a3cd52af9c8537ede11ff9" }, "downloads": -1, "filename": "django_pwnedpasswords_validator-0.1.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "9c66935422a823ac3c14557f9214eda5", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8582, "upload_time": "2018-02-24T16:04:42", "url": "https://files.pythonhosted.org/packages/e2/69/c8575c39cfda8c94064ee51b9d81abcba8e4006cb95afda20cb750eac8f8/django_pwnedpasswords_validator-0.1.2-py2.py3-none-any.whl" } ], "0.1.3": [ { "comment_text": "", "digests": { "md5": "44bccd2f0090e116f44a9bb69e468737", "sha256": "b664b36516b8c5a78426fc5cd6223b72d2d7fc03120e41e4bc0e6dabd0844039" }, "downloads": -1, "filename": "django_pwnedpasswords_validator-0.1.3-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "44bccd2f0090e116f44a9bb69e468737", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8421, "upload_time": "2018-02-24T16:07:53", "url": "https://files.pythonhosted.org/packages/ca/49/2b30dc283506d43418e4283f742367534a630796c6639f834f7013e2c153/django_pwnedpasswords_validator-0.1.3-py2.py3-none-any.whl" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "6aa222a2f93b481f93bae4a4c5febb83", "sha256": "10b6d1dfb3513c6779c9e0e21ddbcaa42c133339bbbc5285c105831adc8341b4" }, "downloads": -1, "filename": "django_pwnedpasswords_validator-1.0.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "6aa222a2f93b481f93bae4a4c5febb83", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8420, "upload_time": "2018-03-07T02:26:33", "url": "https://files.pythonhosted.org/packages/69/17/01f6d0c668ca3866918800016cef2bc5277e30717772db9ad2eba2590eb5/django_pwnedpasswords_validator-1.0.0-py2.py3-none-any.whl" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "e22f53ae2d1a281447f8dc37eeadfac2", "sha256": "bcfad855f8cbbf49c124596d16539a763e7c8d9524c14889fabce58039c6b25e" }, "downloads": -1, "filename": "django_pwnedpasswords_validator-1.0.1-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "e22f53ae2d1a281447f8dc37eeadfac2", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 5562, "upload_time": "2018-09-19T19:18:41", "url": "https://files.pythonhosted.org/packages/41/f1/daf18e0ea2aa0be3a63d4ec9d334e0936838f338c7e2a6116aa93ad6b4a2/django_pwnedpasswords_validator-1.0.1-py2.py3-none-any.whl" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e22f53ae2d1a281447f8dc37eeadfac2", "sha256": "bcfad855f8cbbf49c124596d16539a763e7c8d9524c14889fabce58039c6b25e" }, "downloads": -1, "filename": "django_pwnedpasswords_validator-1.0.1-py2.py3-none-any.whl", "has_sig": true, "md5_digest": "e22f53ae2d1a281447f8dc37eeadfac2", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 5562, "upload_time": "2018-09-19T19:18:41", "url": "https://files.pythonhosted.org/packages/41/f1/daf18e0ea2aa0be3a63d4ec9d334e0936838f338c7e2a6116aa93ad6b4a2/django_pwnedpasswords_validator-1.0.1-py2.py3-none-any.whl" } ] }