PwnedPasswords.net 0.1.0

PwnedPasswords.net client library

Install-Package PwnedPasswords.net -Version 0.1.0
dotnet add package PwnedPasswords.net --version 0.1.0
<PackageReference Include="PwnedPasswords.net" Version="0.1.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add PwnedPasswords.net --version 0.1.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

PwnedPasswords.net

This is a very quick and dirty .net client for Troy Hunt's excellent PwnedPasswords service.

The library will call the PwnedPasswords service using a partial of a SHA1 hash of any password you give it. At no point does it send the password itself, or indeed anything except the first 5 characters of the SHA1 representation of that password.

This means you can safely check if a password is on a known password list without giving away the password itself.

How to use

Standard use:

// Create an instance of the client, then call CheckPassword:

var pwdClient = new PwnedPasswordsClient(); // Client instance, you can also pass in your own instance of HttpClient

if(pwdClient.CheckPassword("password")) // "password" can be any clear text password
{
    // If the method returns true, the password was known
    Console.WriteLine("pwned!");
}
else
{
    // If it returned false, the password is not currently known.
    Console.WriteLine("Not pwned!");
}

You can also check a SHA1 directly, if you don't feel comfortable passing a raw password around:

if(pwdClient.CheckSha1HashedPassword("21BD12DC183F740EE76F27B78EB39C8AD972A757"))
{
    Console.WriteLine("pwned!");
}
else
{
    Console.WriteLine("Not pwned!");
}

Disclaimer

This library is in no way affiliated with, or endorsed by Troy Hunt, PwnedPasswords, HaveIBeenPwned or any of the services they provide.

This library has received MINIMAL testing at best - use at your own risk! Or just steal the code and make it better.

PwnedPasswords.net

This is a very quick and dirty .net client for Troy Hunt's excellent PwnedPasswords service.

The library will call the PwnedPasswords service using a partial of a SHA1 hash of any password you give it. At no point does it send the password itself, or indeed anything except the first 5 characters of the SHA1 representation of that password.

This means you can safely check if a password is on a known password list without giving away the password itself.

How to use

Standard use:

// Create an instance of the client, then call CheckPassword:

var pwdClient = new PwnedPasswordsClient(); // Client instance, you can also pass in your own instance of HttpClient

if(pwdClient.CheckPassword("password")) // "password" can be any clear text password
{
    // If the method returns true, the password was known
    Console.WriteLine("pwned!");
}
else
{
    // If it returned false, the password is not currently known.
    Console.WriteLine("Not pwned!");
}

You can also check a SHA1 directly, if you don't feel comfortable passing a raw password around:

if(pwdClient.CheckSha1HashedPassword("21BD12DC183F740EE76F27B78EB39C8AD972A757"))
{
    Console.WriteLine("pwned!");
}
else
{
    Console.WriteLine("Not pwned!");
}

Disclaimer

This library is in no way affiliated with, or endorsed by Troy Hunt, PwnedPasswords, HaveIBeenPwned or any of the services they provide.

This library has received MINIMAL testing at best - use at your own risk! Or just steal the code and make it better.

Release Notes

Initial release

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
0.1.0 351 2/21/2018