🔐Security
HIBP K-Anonymity Format
Explains the Have I Been Pwned k-anonymity flow: SHA-1 password, first 5 chars on GET, suffix returned.
O serviço Pwned Passwords usa k-anonymity para nunca receber a senha completa.
- Compute o SHA-1 da senha em maiúsculas hex (40 chars)
- Envie um
GET https://api.pwnedpasswords.com/range/<PRIMEIROS_5> - O servidor responde com lista de sufixos (35 chars) + contagem
- Procure seu sufixo nessa lista localmente
Assim, o servidor nunca recebe a senha nem o hash completo.
Related Tools
🔐
Password Generator
Generate strong, random passwords with custom length, uppercase letters, numbers and symbols. Generated in the browser — no data leaves your device.
🔐
Encrypt Text
Apply classic ciphers (Caesar, ROT13, Atbash) or Base64. Useful for puzzles, CTFs and testing — do not use for real security.
🛡️
Password Strength Checker
Check the strength of a password with entropy calculation, common-password check and improvement tips. Runs in your browser — no data is sent.