我发现了这个名为 pwnedpasswords 的网站,您显然可以在其中检查您的密码的 sha1 哈希值是否已在某处泄露。所以我制作了一个脚本来自动化该过程,这是我的脚本:
#!/bin/bash
read -s -p "Input your password: " your_pw
echo
your_hash=$(printf "$your_pw"|sha1sum|tr '[:lower:]' '[:upper:]'|head -c40)
hash_head=$(printf "$your_hash"|head -c5)
hash_tail=$(printf "$your_hash"|tail -c35)
pwned_count=$(curl https://api.pwnedpasswords.com/range/${hash_head} 2> /dev/null|grep "${hash_tail}"|awk -F ':' '{print $2}')
echo "Your password has been pwned ${your_pw} times"
echo "Your password has been pwned ${pwned_count} times"
我用作测试密码1,这是输出:
[me@my_compuuter aaa8]$ ./was_your_password_pwned.sh
Input your password:
Your password has been pwned 1 times
timesassword has been pwned 197972
请注意,当我echo "Your password has been pwned ${your_pw} times"
它给我正确的格式时($your_pw只是密码本身),但是当我echo "Your password has been pwned ${pwned_count} times"它给我这种奇怪的格式时,它从末尾开始times并以某种方式在开始时重叠它......我不知道这是怎么回事...
有人能弄清楚吗?
答案1
该站点返回的列表中的行以 结尾CR/LF。 A CR( \r) 会将插入符号/光标移动到行首:
printf 'good \r times'
times