Index: head/security/pwned-check/Makefile =================================================================== --- head/security/pwned-check/Makefile (revision 475647) +++ head/security/pwned-check/Makefile (revision 475648) @@ -1,30 +1,30 @@ # Created by: Charlie Root # $FreeBSD$ PORTNAME= pwned-check -PORTVERSION= 2.0 +PORTVERSION= 2.2 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= # DISTFILES= # MAINTAINER= se@FreeBSD.org -COMMENT= Check whether password is known to have been exposed in data breaches +COMMENT= Check whether password is known to have been exposed in a data breach LICENSE= BSD2CLAUSE NO_ARCH= yes NO_BUILD= yes WRKSRC= ${WRKDIR}/src SRC= ${.CURDIR}/src SUB_FILES= ${PORTNAME}.sh ${PORTNAME}.1 pkg-message do-install: ${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME}.sh ${STAGEDIR}${PREFIX}/bin/${PORTNAME} ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc ${INSTALL_MAN} ${WRKDIR}/${PORTNAME}.1 ${STAGEDIR}${MAN1PREFIX}/man/man1 ${MKDIR} ${STAGEDIR}/var/db/${PORTNAME} .include Index: head/security/pwned-check/pkg-descr =================================================================== --- head/security/pwned-check/pkg-descr (revision 475647) +++ head/security/pwned-check/pkg-descr (revision 475648) @@ -1,10 +1,18 @@ Pwned Passwords are hundreds of millions of real world passwords exposed in data breaches. This exposure makes them unsuitable for ongoing use as they are at much greater risk of being used to take over other accounts. -This script uses a downloaded copy of the pwned passwort hashes available -from https://haveibeenpwned.com/Passwords/ to allow passwords to be locally -checked, whether they are known to have been obtained in a data breach and -therefore should not be used. +This script offers 2 methods to check whether a password has been exposed +in an uncovered breach: + +1) Online check implemented in such a way that the password to be checked + does not need to be sent to the remote database server. + +2) Local check against a copy of the pawned passwords database. + +Since the local copy of the database requires nearly 20 GB of disk space +(and a download of more than 10 GB of compressed data) the access via the +online check should be preferred, if the compatible with operational and +security requirements. WWW: https://haveibeenpwned.com/