I wrote the below Ruby script myself to test all my passwords against the same service.

It’s tested on macOS. Two of my passwords had been breached, both for last.fm.

I haven’t used the service in ages, but wanted to update my passwords nonetheless.

The last.fm breach was in March of 2012, so I expected both passwords to have been disabled.

I log in to last.fm, no problem, and no info box that asks me to update my password.

I then go ahead to update my password. I use apg to generate a random password.

Lo and behold, last.fm tells me my new password is too weak and I should pick another, LMFAO!

```ruby
#!/usr/bin/env ruby
require 'digest'
require 'shellwords'

PASSWORD_STORE_DIR = ENV['PASSWORD_STORE_DIR'] || File.expand_path('~/.password-store')

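Dir.chdir(PASSWORD_STORE_DIR) do
  Dir.glob('**/*.gpg') do |file|
    path = "#{PASSWORD_STORE_DIR}/#{file}"
    # The first line of a pass entry is the password itself.
    pass = %x{ gpg -d #{path.shellescape} 2>/dev/null | head -n1 }.chomp
    # Skip entries that failed to decrypt or are empty.
    next if pass.empty?
    hash = Digest::SHA1.hexdigest(pass).upcase

    # Range query: only the first 5 hex characters of the hash are sent;
    # the remaining 35 are matched locally against the response.
    prefix, suffix = hash[0..4], hash[5..39]
    url = "https://api.pwnedpasswords.com/range/#{prefix}"
    response = %x{ curl -sL #{url.shellescape} | grep #{suffix.shellescape} }

    # grep exits 0 only when the suffix appears in the returned range.
    if $?.exitstatus == 0
      # Response lines have the form SUFFIX:COUNT.
      count = response.chomp.split(':')[1]

      dir, name = File.dirname(file), File.basename(file, '.gpg')
      subpath = dir == '.' ? name : "#{dir}/#{name}"
      puts "#{count} leaks of your password (‘#{pass}’) for #{subpath}"
    end
  end
end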
```
_______________________________________________
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
