Stupid little .NET Core console app that checks your passwords against Troy Hunt's "Have I Been Pwned?" Password API.
Your password is hashed with the SHA-1 algorithm before it leaves your computer. It performs a lookup against Troy's API using the k-anonymity model:
- It sends just the first 5 characters of the hash.
- The API returns all hashes that start with those 5 characters and their frequencies.
- The app finds the matching row and returns the corresponding frequency to the console.
This way, you never have to send your password, nor even its entire hash, across the internet.
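The lookup described above, as an added C# example (not this repository's code). It runs offline against a constructed response body in the range API's `SUFFIX:COUNT` line format; the class and method names and the counts are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PwnedRangeDemo
{
    // Constructed sample of a range response body ("SUFFIX:COUNT" per line).
    // The counts are made up for illustration; they are not real API data.
    const string SampleResponse =
        "0123456789ABCDEF0123456789ABCDEF012:4\r\n" +
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000\r\n" +
        "FEDCBA9876543210FEDCBA9876543210FED:0\r\n";

    // Uppercase hex SHA-1 of the UTF-8 password, computed locally.
    static string Sha1Hex(string password)
    {
        using (var sha1 = SHA1.Create())
        {
            byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
            return BitConverter.ToString(digest).Replace("-", "");
        }
    }

    // Finds the 35-character suffix in the response body; 0 means not listed.
    static int LookupCount(string responseBody, string suffix)
    {
        string[] lines = responseBody.Split(
            new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (string line in lines)
        {
            string[] parts = line.Split(':');
            if (parts.Length == 2 &&
                parts[0].Equals(suffix, StringComparison.OrdinalIgnoreCase) &&
                int.TryParse(parts[1], out int count))
            {
                return count;
            }
        }
        return 0;
    }

    static void Main()
    {
        string hash = Sha1Hex("password");
        string prefix = hash.Substring(0, 5); // the only part that is sent
        string suffix = hash.Substring(5);    // never leaves this machine

        Console.WriteLine($"Sent to API: {prefix}");
        Console.WriteLine($"Kept local:  {suffix}");
        Console.WriteLine($"Times seen:  {LookupCount(SampleResponse, suffix)}");
    }
}
```

The suffix comparison happens entirely on the client, so the service only ever learns the 5-character prefix.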
- Install .NET Core Runtime or SDK.
git clone git@github.com:jdmallen/password-checker.git
cd password-checker/PasswordChecker && dotnet run