PrincessPi/Encrypt-Share-Attribution
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

this is my life now. infinite frustration cast upon me by an evil curse \

Browse Source
This commit is contained in:
Princess Pi
2026-05-23 11:40:03 -06:00
parent bc20acec0f
commit 6b71b15408
3 changed files with 7 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+5
View File
@@ -69,3 +69,8 @@ todo
- shred all erronious files and dirs
- cleaned up code
- better rng
- better passphrase check
- checks for exact match
- minimum of 35 chars
- checks with cracklib-check
- checks online with haveibeenpwned.com
create-attributable-archive.sh
+1 -1
View File
@@ -1,5 +1,5 @@
#!/bin/bash
# packages: 7zip, shred, secure-delete, cracklib-runtime
# packages: 7zip, shred, secure-delete, cracklib-runtime, openssl, curl
set -e
unix_seconds=$(date +%s)
key_path="./private_ed25519_${unix_seconds}"
vibecoded_audit_pass.sh
-92
View File
@@ -1,92 +0,0 @@
#!/usr/bin/env bash
# Enable strict error management
set -o errexit
set -o errtrace
set -o pipefail
# ==============================================================================
# Comprehensive Passphrase Audit Function
# ==============================================================================
audit_passphrase() {
local raw_password="$1"
if [[ -z "$raw_password" ]]; then
echo "[ERROR] No passphrase provided for validation." >&2
exit 2
fi
# --------------------------------------------------------------------------
# GATE 1: Minimum Length Verification (35+ Characters)
# --------------------------------------------------------------------------
local pass_len="${#raw_password}"
if [ "$pass_len" -lt 35 ]; then
echo "❌ REJECTED: Passphrase is too short ($pass_len characters). Minimum length required is 35."
exit 1
fi
echo " [PASS] Length verification satisfied ($pass_len characters)."
# --------------------------------------------------------------------------
# GATE 2: Local Dictionary Check (cracklib-check)
# --------------------------------------------------------------------------
# cracklib-check reads from stdin and outputs 'password: status'
# If secure, the status string reads "OK"
if ! command -v cracklib-check &> /dev/null; then
echo "[WARN] cracklib-check binary not found. Skipping dictionary audit." >&2
else
local cracklib_result
cracklib_result=$(echo "$raw_password" | cracklib-check | cut -d':' -f2 | xargs)
if [[ "$cracklib_result" != "OK" ]]; then
echo "❌ REJECTED by cracklib-check: $cracklib_result"
exit 1
fi
echo " [PASS] Local dictionary and structural complexity audit clear."
fi
# --------------------------------------------------------------------------
# GATE 3: Remote Anonymized Leak Check (HIBP API via k-Anonymity)
# --------------------------------------------------------------------------
local full_hash
full_hash=$(echo -n "$raw_password" | openssl dgst -sha1 | awk '{print toupper($2)}')
local prefix="${full_hash:0:5}"
local suffix="${full_hash:5}"
local api_url="https://api.pwnedpasswords.com/range/$prefix"
local response
if ! response=$(curl -s -H "User-Agent: Bash-Passphrase-Audit-Script" "$api_url"); then
echo "[FATAL] Failed to communicate with HIBP API." >&2
exit 3
fi
local match
match=$(echo "$response" | grep -i "^$suffix:")
if [[ -n "$match" ]]; then
local pwn_count
pwn_count=$(echo "$match" | cut -d':' -f2 | tr -d $'\r')
echo "❌ VULNERABLE: This passphrase has appeared in $pwn_count known public breaches."
exit 1
else
echo "✅ SUCCESS: Passphrase meets all local criteria and was not found in HIBP records."
return 0
fi
}
# ==============================================================================
# Execution Example
# ==============================================================================
echo "=== System Passphrase Security Enforcer ==="
read -r -s -p "Enter a new secure passphrase (35+ chars): " user_input
echo ""
# Run the complete pipeline
audit_passphrase "$user_input"
exit_status=$?
# Instantly wipe raw secret text from memory space
unset user_input
exit "$exit_status"