08 Nov 2018, 13:18

check if password has been compromised
13:18 Thursday 08 November 2018 JST

I wanted to write a Bash script which would take a file with a list of passwords and throw each one at Troy Hunt’s collection of compromised passwords.

I probably won’t do it soon because I found a bash one-liner which checks to see if a password was compromised.

I had to modify it slightly, but this line works on my Mac:

echo "pass> "; read -s pass_str; sha1=$(echo -n $pass_str | tr -d '\n' | shasum); echo "Hash prefix: ${sha1:0:5}"; echo "Hash suffix: ${sha1:5:35}"; result=$(curl https://api.pwnedpasswords.com/range/${sha1:0:5} 2>/dev/null | grep $(echo ${sha1:5:35} | tr '[:lower:]' '[:upper:]')); echo "Count: ${result#*:}"