Password Checker

Password Checker

Building a Password Checker: Strength + Breach Detection in Python 构建密码检查器:Python 实现强度分析与泄露检测

I recently built my second cybersecurity tool — a password checker that does two things: analyzes password strength AND checks if it’s been leaked in a data breach. Here’s how I built it. 最近,我构建了我的第二个网络安全工具——一个密码检查器。它具备两项功能:分析密码强度,并检查密码是否在数据泄露事件中被曝光。以下是我的构建过程。

The Inspiration 灵感来源

After building my first tool (a multi-threaded port scanner), I wanted to tackle something directly related to everyday security. Passwords are everywhere, and most people don’t know if their passwords are strong or if they’ve been exposed in a breach. I wanted to build a tool that would answer two questions: Is this password strong? Has this password been leaked? 在完成了我的第一个工具(多线程端口扫描器)后,我想尝试解决一些与日常安全直接相关的问题。密码无处不在,但大多数人并不知道自己的密码是否足够强大,或者是否已经在泄露事件中被曝光。我希望构建一个能够回答以下两个问题的工具:这个密码强度够吗?这个密码泄露了吗?

What It Does 功能介绍

🔐 1. Strength Analysis 🔐 1. 强度分析

The tool checks five criteria and gives a score from 0-6: 该工具会检查五个标准,并给出 0 到 6 分的评分:

CriteriaPoints
Length (12+ characters)+2
Length (8-11 characters)+1
Uppercase letters+1
Lowercase letters+1
Numbers+1
Symbols (!@#$%^&*)+1
标准分值
长度(12 位以上)+2
长度(8-11 位)+1
大写字母+1
小写字母+1
数字+1
符号 (!@#$%^&*)+1

Score Interpretation: 评分解读:

ScoreRating
5-6🟢 GREAT
4🟢 GOOD
3🟡 DECENT
0-2🔴 WEAK
分数等级
5-6🟢 极好
4🟢 良好
3🟡 一般
0-2🔴 弱

🛡️ 2. Breach Detection 🛡️ 2. 泄露检测

The tool checks the HaveIBeenPwned API to see if your password appears in any known data breaches. 该工具会查询 HaveIBeenPwned API,以查看您的密码是否出现在任何已知的数据库泄露事件中。

How it stays secure: 如何确保安全:

  • Your password is never sent over the internet
  • 您的密码绝不会通过互联网发送
  • Only the first 5 characters of the SHA-1 hash are sent
  • 仅发送 SHA-1 哈希值的前 5 个字符
  • This is called k-anonymity — the API never sees your full password
  • 这被称为 k-匿名(k-anonymity)——API 永远无法获取您的完整密码

Conclusion 结语

Building this password checker taught me a lot about: Working with APIs, Cryptographic hashing, Privacy-first design, and Creating useful, user-friendly tools. 构建这个密码检查器让我学到了很多:如何使用 API、加密哈希处理、隐私优先的设计理念,以及如何创建实用且用户友好的工具。

If you’re learning cybersecurity or Python, I highly recommend building tools like this. You learn far more than you would from following tutorials alone. This is my second cybersecurity project. If I can build it, so can you. 🚀 如果你正在学习网络安全或 Python,我强烈建议你尝试构建类似的工具。这比单纯跟随教程学习能让你收获更多。这是我的第二个网络安全项目。如果我能做到,你也可以。🚀