Files
general-scripts-and-system-…/customscripts/passcheck
T

55 lines
1.4 KiB
Bash

#!/bin/bash
pass_min_length=40
hibp_api="https://api.pwnedpasswords.com/range/"
# gather salt
read -s -p "Input Passphrasse " passphrase1
echo
read -s -p "Re-Enter Passphrase " passphrase2
echo
## Sanity check the salt
### not empty
if [ -z "$passphrase1" -o -z "$passphrase2" ]; then
echo "Input passphrases can NOT be blank!"
exit 1
else
echo "Passphrases Supplied: OK"
fi
### match
if [[ "$salt1" != "$salt2" ]]; then
echo "Passphrases DO NOT MATCH"
exit 1
else
echo "Passphrases Match: OK"
fi
### length
pass_length=${#passphrase1} # salt len
if [[ $pass_length -le $pass_min_length ]]; then
echo "Salt MUST be $pass_min_length characters or longer!"
exit 1
else
echo "Pass Length: OK"
fi
### salt safety and complexity
complexity_check=$(echo -n "$passphrase1" | cracklib-check)
if grep -q 'OK' <<< "$complexity_check"; then
echo "Complexity: OK"
else
echo "Passphrase NOT Complex enough!"
exit 1
fi
### query hibP
sha1_digest=$(echo -n "$passphrase1" | sha1sum | awk '{print $1}')
first_five="${sha1_digest:0:5}" # get furst five chars
last_35="${sha1_digest:5:35}" # get the rest
curl_ret="$(curl -s ${hibp_api}${first_five})"
# echo "first five: $first_five"
# echo "last 35: $last_35"
# echo "curl ret: $curl_ret"
if grep -q -i "${last_35}" <<< "${curl_ret}"; then
echo "PASS FOUND IN BREACHED LISTS!"
exit 1
else
echo "PASS CHECKS OUT"
exit 0
fi