At psconf.eu there was recently a challenge to write the shortest code that checks how often a password has previously been pwned (hacked). Here is the result (credits to Daniel Rothgänger):
[Net.ServicePointManager]::SecurityProtocol='Tls12'
'P@ssw0rd'|sc p -N;$a,$b=(FileHash p -A SHA1|% h*)-split'(?<=^.{5})';((irm api.pwnedpasswords.com/range/$a)-split"$b`:(\d+)")[1]
You can either treat this chunk of code as a brain teaser and work out what it does, or simply use it: it takes a password (“P@ssw0rd” in our example) and returns a number. The number is how often this particular password has been seen in previous attacks. Any password that has been seen is considered insecure. Only passwords that do not return a number are safe.
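The same check written out with full cmdlet names, as an added example that is not part of the original tip. It hashes the password in memory instead of writing it to a file named p, and makes visible that only the first five hex characters of the SHA-1 hash are put into the request URL. The function name Get-PwnedPasswordCount, its parameter, and the choice to return 0 when there is no match are assumptions.

```powershell
# Added example: function and parameter names are assumptions, not from the tip.
function Get-PwnedPasswordCount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Password
    )

    # Same TLS 1.2 setting as the original one-liner.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Hash the UTF-8 bytes in memory; nothing is written to disk.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Password)
        $hash  = -join ($sha1.ComputeHash($bytes) | ForEach-Object { $_.ToString('X2') })
    }
    finally {
        $sha1.Dispose()
    }

    # Only the 5-character prefix goes into the URL; the suffix is compared locally.
    $prefix = $hash.Substring(0, 5)
    $suffix = $hash.Substring(5)

    $response = Invoke-RestMethod -Uri "https://api.pwnedpasswords.com/range/$prefix"

    # The response is a list of "SUFFIX:COUNT" lines for every hash with that prefix.
    foreach ($line in ($response -split '\r?\n')) {
        $parts = $line.Trim() -split ':'
        if ($parts.Count -eq 2 -and $parts[0] -eq $suffix) {
            return [int]$parts[1]
        }
    }

    # No matching suffix in the returned range.
    return 0
}

Get-PwnedPasswordCount -Password 'P@ssw0rd'
```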
Just because the string (password) that was sent didn't return a number does not indicate it is safe. You did just send it to an API on the internet to add to its list of passwords to try...
"Shortest Code" brings an interesting risk on Aliases. In my case, I'm disabling aliases as they make code non-portable (and introduce funny risks). "sc" is just SC.exe, not Set-Content. Apart from that, useful!