/// <summary> /// Checks whether the provided password is in the Enzoic database of known, compromised passwords. /// @see <a href="https://www.enzoic.com/docs/passwords-api">https://www.enzoic.com/docs/passwords-api</a> /// </summary> /// <param name="password">The password to be checked</param> /// <param name="revealedInExposure">Out parameter. Whether the password was exposed in a known data Exposure. If this value /// is false, the password was found in common password cracking dictionaries, but has not been directly exposed as a user /// password in a data breach or other Exposure.</param> /// <param name="relativeExposureFrequency">This is a gauge of how frequently the password has been seen in data breaches. /// The value is simply the percent of data /// breaches indexed by Enzoic that have contained at least one instance of this password, i.e. if the value is 13, /// that means 13% of the exposures that Enzoic has indexed contained this password at least one time. This value can /// be used to gauge how dangerous this password is by how common it is.</param> /// <returns>True if the password is a known, compromised password and should not be used</returns> public bool CheckPassword(string password, out bool revealedInExposure, out int?relativeExposureFrequency) { string md5 = Hashing.CalcMD5(password); string sha1 = Hashing.CalcSHA1(password); string sha256 = Hashing.CalcSHA256(password); String response = MakeRestCall( apiBaseURL + PASSWORDS_API_PATH + "?partial_md5=" + md5.Substring(0, 10) + "&partial_sha1=" + sha1.Substring(0, 10) + "&partial_sha256=" + sha256.Substring(0, 10), "GET", null); if (response != "404") { dynamic responseObj = JObject.Parse(response); foreach (dynamic candidate in responseObj.candidates) { if (candidate.md5 == md5 || candidate.sha1 == sha1 || candidate.sha256 == sha256) { revealedInExposure = candidate.revealedInExposure; relativeExposureFrequency = candidate.relativeExposureFrequency; return(true); } } } revealedInExposure = false; relativeExposureFrequency = null; return(false); }