this is my life now. infinite frustration cast upon me by an evil curse

create-attributable-archive.sh

@@ -25,7 +25,7 @@ checkcode() {
 
 reset() {
     printf "autoshredding these files..."
-    find . -type f \( -path ".git" -o -path "keystore" -o -path "archives" \) -prune \( -name "*.sha512" -o -name "checksums*" -o -name "private_*" -o -name ".*" -o -name "*.sig" -o -name "*.7z" -o -name "anonymous_signer" \) -print -exec shred -uz {} \;
+    find . \( -path "./.git" -o -path "./keystore" -o -path "./archives" \) -prune -o -type f \( -name "*.sha512" -o -name "checksums*" -o -name "private_*" -o -name ".*" -o -name "*.sig" -o -name "*.7z" -o -name "anonymous_signer" \) -print -exec shred -uz {} \;
     checkcode $?
 
     if compgen -G "private_*"; then
@@ -49,7 +49,7 @@ reset() {
     mkdir -p "$inner_dir" > /dev/null 2>&1
     checkcode $?
 
-    printf "updating $inner_dir/READMD.md..."
+    printf "updating $inner_dir/README.md..."
     echo "put files to verifiably archive in here" > "$inner_dir/README.md"
     checkcode $?
 
@@ -57,7 +57,7 @@ reset() {
     echo "# todo: make this nice" > "$out_dir/README.md" 
     checkcode $?
 
-    printf "making "$out_dir"/test_validate_passphrase.sh..."
+    printf "making $out_dir/test_validate_passphrase.sh..."
     cp test_validate_passphrase.txt "$out_dir/test_validate_passphrase.sh" > /dev/null 2>&1
     checkcode $?
 
@@ -69,7 +69,7 @@ reset() {
     cp verify-everything.txt "$out_dir"/verify-everything.sh > /dev/null 2>&1
     checkcode $?
 
-    printf "making $out_dir/verify-everything.sh executable"...
+    printf "making $out_dir/verify-everything.sh executable..."
     chmod +x "$out_dir/verify-everything.sh" > /dev/null 2>&1
     checkcode $?
 
@@ -87,7 +87,7 @@ reset() {
         find "$dir" -mindepth 1 -type d -exec srm -r -z -l -l "{}" \; > /dev/null 2>&1
         checkcode $?
 
-        printf "finding and shredding erronious files in ${dir}..."
+        printf "finding and shredding erroneous files in ${dir}..."
         find "$dir" -type f \( -name "private_ed25519_*" -o -name "attribution_passphrase_*" \) -exec shred -uz "{}" \; > /dev/null 2>&1
         checkcode $?
 
@@ -97,6 +97,86 @@ reset() {
     done
 }
 
+# some heinously vibe coded shit pls forgiv
+audit_passphrase() {
+    local raw_password="$1"
+    local check_password="$2"
+    
+    if [[ -z "$raw_password" ]]; then
+        echo "[ERROR] No passphrase provided for validation." >&2
+        exit 2
+    fi
+
+    if [[ -z "$check_password" ]]; then
+        echo "[ERROR] No check passphrase provided for validation." >&2
+        exit 2
+    fi
+
+    if [[ "$raw_password" != "$check_password" ]]; then
+        echo "[ERROR] Passphrases do not match!" >&2
+        exit 2  
+    fi
+
+    unset check_password
+
+    # --------------------------------------------------------------------------
+    # GATE 1: Minimum Length Verification (35+ Characters)
+    # --------------------------------------------------------------------------
+    local pass_len="${#raw_password}"
+    if [ "$pass_len" -lt 35 ]; then
+        echo "❌ REJECTED: Passphrase is too short ($pass_len characters). Minimum length required is 35."
+        exit 1
+    fi
+    echo "  [PASS] Length verification satisfied ($pass_len characters)."
+
+    # --------------------------------------------------------------------------
+    # GATE 2: Local Dictionary Check (cracklib-check)
+    # --------------------------------------------------------------------------
+    # cracklib-check reads from stdin and outputs 'password: status'
+    # If secure, the status string reads "OK"
+    if ! command -v cracklib-check &> /dev/null; then
+        echo "[WARN] cracklib-check binary not found. Skipping dictionary audit." >&2
+    else
+        local cracklib_result
+        cracklib_result=$(echo "$raw_password" | cracklib-check | cut -d':' -f2 | xargs)
+        
+        if [[ "$cracklib_result" != "OK" ]]; then
+            echo "❌ REJECTED by cracklib-check: $cracklib_result"
+            exit 1
+        fi
+        echo "  [PASS] Local dictionary and structural complexity audit clear."
+    fi
+
+    # --------------------------------------------------------------------------
+    # GATE 3: Remote Anonymized Leak Check (HIBP API via k-Anonymity)
+    # --------------------------------------------------------------------------
+    local full_hash
+    full_hash=$(echo -n "$raw_password" | openssl dgst -sha1 | awk '{print toupper($2)}')
+
+    local prefix="${full_hash:0:5}"
+    local suffix="${full_hash:5}"
+    local api_url="https://api.pwnedpasswords.com/range/$prefix"
+    local response
+    
+    if ! response=$(curl -s -H "User-Agent: Bash-Passphrase-Audit-Script" "$api_url"); then
+        echo "[FATAL] Failed to communicate with HIBP API." >&2
+        exit 3
+    fi
+
+    local match
+    match=$(echo "$response" | grep -i "^$suffix:")
+
+    if [[ -n "$match" ]]; then
+        local pwn_count
+        pwn_count=$(echo "$match" | cut -d':' -f2 | tr -d $'\r')
+        echo "❌ VULNERABLE: This passphrase has appeared in $pwn_count known public breaches."
+        exit 1
+    else
+        echo "✅ SUCCESS: Passphrase meets all local criteria and was not found in HIBP records."
+        return 0
+    fi
+}
+
 printf "setting up environment..."
 reset
 
@@ -165,15 +245,19 @@ echo "Enter attribution passphrase again:"
 read -r -s attribution_passphrase_check
 echo
 
-if printf "$attribution_passphrase" | cracklib-check | grep -q 'OK'; then
-    echo -e "attribution passphrase strength: \033[0;32mOK!\033[0m"
-else
-    echo -e "\n\n\033[0;31mAttribution passphrase ia not secure enough! Exiting!\033[0m\n\n" > /dev/null 2>&1
-    exit 1
-fi
+printf "auditing attribution passphrase"
+audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"
+checkcode $?
+
+# if printf "%s" "$attribution_passphrase" | cracklib-check | grep -q 'OK'; then
+#     echo -e "attribution passphrase strength: \033[0;32mOK!\033[0m"
+# else
+#     echo -e "\n\n\033[0;31mAttribution passphrase is not secure enough! Exiting!\033[0m\n\n"
+#     exit 1
+# fi
 
 if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then
-    echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1
+    echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n"
     exit 1
 else
     echo -e "attribution_passphrase: \033[0;32mOK!\033[0m"
@@ -196,7 +280,7 @@ cd "$out_dir" > /dev/null 2>&1
 checkcode $?
 
 printf "sanity checking: verification..."
-bash verify-everything.sh "$attribution_passhrase"
+bash verify-everything.sh "$attribution_passphrase"
 checkcode $?
 
 printf "sanity checking: validate attribution passphrase..."
@@ -227,25 +311,25 @@ echo "input keystore passphrase (again):"
 read -r -s keystore_passphrase_check
 echo
 
-if printf "$keystore_passphrase" | cracklib-check | grep -q 'OK'; then
+if printf "%s" "$keystore_passphrase" | cracklib-check | grep -q 'OK'; then
     echo -e "keystore passphrase strength: \033[0;32mOK!\033[0m"
 else
-    echo -e "\n\n\033[0;31mKeystore passphrase not strong enough! Exiting!\033[0m\n\n" > /dev/null 2>&1
+    echo -e "\n\n\033[0;31mKeystore passphrase not strong enough! Exiting!\033[0m\n\n"
     exit 1
 fi
 
 if [[ "$keystore_passphrase" != "$keystore_passphrase_check" ]]; then
-    echo -e "\n\n\033[0;31mKeystore passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1
+    echo -e "\n\n\033[0;31mKeystore passphrases do not match! Exiting!\033[0m\n\n"
     exit 1
 else
     echo -e "keystore passphrases... \e[1;32mOK!\e[0m"
 fi
 
-printf "unsetting keystore passphrase checl"
+printf "unsetting keystore passphrase check"
 unset keystore_passphrase_check > /dev/null 2>&1
 checkcode $?
 
-printf "archivin keys..."
+printf "archiving keys..."
 7z a "keystore/keystore_${unix_seconds}.7z" "private_*" "attribution_passphrase_*" -p"$keystore_passphrase" -mhe=on > /dev/null 2>&1
 checkcode $?
 

vibecoded_audit_pass.sh

@@ -13,7 +13,7 @@ audit_passphrase() {
     
     if [[ -z "$raw_password" ]]; then
         echo "[ERROR] No passphrase provided for validation." >&2
-        return 2
+        exit 2
     fi
 
     # --------------------------------------------------------------------------
@@ -22,7 +22,7 @@ audit_passphrase() {
     local pass_len="${#raw_password}"
     if [ "$pass_len" -lt 35 ]; then
         echo "❌ REJECTED: Passphrase is too short ($pass_len characters). Minimum length required is 35."
-        return 1
+        exit 1
     fi
     echo "  [PASS] Length verification satisfied ($pass_len characters)."
 
@@ -39,7 +39,7 @@ audit_passphrase() {
         
         if [[ "$cracklib_result" != "OK" ]]; then
             echo "❌ REJECTED by cracklib-check: $cracklib_result"
-            return 1
+            exit 1
         fi
         echo "  [PASS] Local dictionary and structural complexity audit clear."
     fi
@@ -57,7 +57,7 @@ audit_passphrase() {
     
     if ! response=$(curl -s -H "User-Agent: Bash-Passphrase-Audit-Script" "$api_url"); then
         echo "[FATAL] Failed to communicate with HIBP API." >&2
-        return 3
+        exit 3
     fi
 
     local match
@@ -67,7 +67,7 @@ audit_passphrase() {
         local pwn_count
         pwn_count=$(echo "$match" | cut -d':' -f2 | tr -d $'\r')
         echo "❌ VULNERABLE: This passphrase has appeared in $pwn_count known public breaches."
-        return 1
+        exit 1
     else
         echo "✅ SUCCESS: Passphrase meets all local criteria and was not found in HIBP records."
         return 0