~/security/passcheck ← About this tool

Security · Client-side · k-anonymity

Password & Breach Auditor

Type a password to estimate its strength and crack time — entirely in your browser. The breach check is privacy-preserving: only the first 5 characters of its SHA-1 hash ever leave your device.

Crack time · offline (fast hash)
Crack time · online (throttled)
Privacy: nothing is stored, logged, or sent anywhere as you type. Strength is computed locally. The breach lookup uses the HaveIBeenPwned range API with k-anonymity — your password is SHA-1 hashed in-browser and only the 5-char prefix is sent; the matching is done here on the full list of suffixes that prefix returns.

How it works · github.com/Thom4sss