XposedOrNot: Check How Safe Is A Password

About XposedOrNot

What is Xposed Passwords?

The main aim of this project is to give a free platform for the general public to check if their password is exposed and compromised.

This massive password collection is an accumulation of real passwords exposed in various data breaches around the world. Passwords are curated from exposed breaches like Collection #1, Yahoo, etc. Adding to that, passwords are also commonly exposed in "pastes" in pastebin.com. We have taken more than 40,000 such exposures and that is again added to this huge list.

The collated passwords are hashed with a highly secure hashing algorithm SHA-3 ( Keccak-512 ), and stored in a one way hash for verification. No passwords are stored in plain text and the process of checking anonymously is explained in detail in our blog post, 850 million passwords for free explaining the technical and operational controls enforced for enhancing the security posture. Feel free to go through the same.

FAQs »


//Include script src as https://cdnjs.cloudflare.com/ajax/libs/js-sha3/0.7.0/sha3.js" 
JQuery(document).ready(function() {
    $("#go").click(function(abacus) {
            abacus.preventDefault();
            var pwd_hash = (keccak_512($("#passwd").val()).substring(0, 10));
            koodudal = 'https://xposedornot.com/api/v1/pass/anon/' + encodeURIComponent(pwd_hash);
            var pwd_str = document.getElementById("passwd").value;
            if (pwd_str.length != 0) {
                var xon_response = $.ajax(koodudal)
                    .done(function(n) {
                        $('#message-text').html("Oops : Password looks exposed and hence avoid using this");
                    })
            })
    }
    else {
        $('#message-text').html("Oops! Try again with a valid password. ");
        $('#password').focus();
    })
})

Demo »


//https://github.com/kornrunner/php-keccak

use kornrunner\Keccak;
Keccak::hash('', 512);
// 0eab42de4c3ceb9235fc91acffe746b29c29a8c366b7c60e4e67c466f36a4304c00fa9caf9d87976ba469bcbe06713b435f091ef2769fb160cdab33d3670680e

Check if a password has been exposed.

About XposedOrNot

What is Xposed Passwords?

Developers Guide