我发现了这个名为 pwnedpasswords 的网站,您显然可以在其中检查您的密码的 sha1 哈希值是否已在某处泄露。所以我制作了一个脚本来自动化这个过程,这是我的脚本:
#!/bin/bash
read -s -p "Input your password: " your_pw
echo
your_hash=$(printf "$your_pw"|sha1sum|tr '[:lower:]' '[:upper:]'|head -c40)
hash_head=$(printf "$your_hash"|head -c5)
hash_tail=$(printf "$your_hash"|tail -c35)
pwned_count=$(curl https://api.pwnedpasswords.com/range/${hash_head} 2> /dev/null|grep "${hash_tail}"|awk -F ':' '{print $2}')
echo "Your password has been pwned ${your_pw} times"
echo "Your password has been pwned ${pwned_count} times"
我用作测试密码1,这是输出:
[me@my_compuuter aaa8]$ ./was_your_password_pwned.sh
Input your password:
Your password has been pwned 1 times
timesassword has been pwned 197972
请注意当我echo "Your password has been pwned ${your_pw} …
for (( a=1;a<=$(wc -l sedtest1);a++ ));do echo $a; done
给我一个错误:
-bash: ((: a<=21 sedtest1: syntax error in expression (error token is "sedtest1")