什么是 Xpose 密码?
欢迎来到密码,一个免费平台,旨在帮助公众检查密码是否在数据泄露中被泄露和暴露。
我们收集的大量密码由在世界各地各种数据泄露中暴露的真实密码组成。为了确保这些信息的安全,我们使用一种高度安全的哈希算法,称为 SHA-3 (Keccak-512) 对密码进行散列并将其存储在单向散列中以进行验证。密码不以纯文本形式存储。
有关我们为增强平台安全性而采取的技术和运营控制措施的更多信息,请查看我们的博客文章“Xpose 密码:您的免费密码检查器”。
开发者指南
//Include script src as https://cdnjs.cloudflare.com/ajax/libs/js-sha3/0.7.0/sha3.js"
$(document).ready(function() {
$("#go").click(function(abacus) {
abacus.preventDefault();
var pwd_hash = (keccak_512($("#passwd").val()).substring(0, 10));
var apiUrl = 'https://passwords.xposedornot.com/api/v1/pass/anon/' + encodeURIComponent(pwd_hash);
var pwd_str = document.getElementById("passwd").value;
if (pwd_str.length != 0) {
var xon_response = $.ajax(apiUrl)
.done(function(n) {
$('#message-text').html("Oops : Password looks exposed and hence avoid using this");
});
} else {
$('#message-text').html("Oops! Try again with a valid password. ");
$('#passwd').focus();
}
});
});
// Requirement PHP 7.2 or greater
// Install Keccak library using `composer require kornrunner/keccak-php`
require 'vendor/autoload.php';
use KornRunner\KeccakPHP\Keccak;
if (isset($_POST['submit'])) {
$pwd_str = $_POST['passwd'];
if (strlen($pwd_str) != 0) {
$keccak = new Keccak();
$keccak->setDigestSize(512);
$keccak->update($pwd_str);
$pwd_hash = $keccak->digest();
$pwd_hash=substr($pwd_hash,0,10);
$apiUrl = 'https://passwords.xposedornot.com/api/v1/pass/anon/' . urlencode($pwd_hash);
$xon_response = file_get_contents($apiUrl);
if ($xon_response) {
echo "Oops : Password looks exposed and hence avoid using this";
}
} else {
echo "Oops! Try again with a valid password. ";
}
}
import sha3
import urllib.parse
import urllib.request
def keccak_hash(pwd):
k = sha3.keccak_512()
k.update(pwd)
return(k.hexdigest())
password = input("Enter the password: ")
if len(password) != 0:
pwd_hash = keccak_hash(password.encode())[:10]
koodudal = 'https://xposedornot.com/v1/pass/anon/' + urllib.parse.quote(pwd_hash)
with urllib.request.urlopen(koodudal) as response:
if response.status != 200:
print("Oops: Password looks exposed and hence avoid using this")
else:
print("password is safe")
else:
print("Oops! Try again with a valid password.")
require 'keccak-ruby'
require 'net/http'
require 'uri'
puts "Enter the password:"
password = gets.chomp
if !password.empty?
pwd_hash = Keccak::Digest.new(512, 0x01).digest(password)[0..9]
apiUrl = 'https://passwords.xposedornot.com/api/v1/pass/anon/' + URI.encode(pwd_hash)
uri = URI.parse(apiUrl)
res = Net::HTTP.get_response(uri)
if res.code != '200'
puts "Oops: Password looks exposed and hence avoid using this"
else
puts "password is safe"
end
else
puts "Oops! Try again with a valid password."
end
import org.bouncycastle.jcajce.provider.digest.Keccak;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Scanner;
public class Main {
public static void main(String[] args) throws Exception {
Scanner scanner = new Scanner(System.in);
System.out.println("Enter the password:");
String password = scanner.nextLine();
if (!password.isEmpty()) {
Keccak.DigestKeccak keccak = new Keccak.Digest512();
byte[] hash = keccak.digest(password.getBytes());
String pwd_hash = new String(hash).substring(0, 10);
String apiUrl = "https://passwords.xposedornot.com/api/v1/pass/anon/" + java.net.URLEncoder.encode(pwd_hash, "UTF-8");
URL url = new URL(apiUrl);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
if (conn.getResponseCode() != 200) {
System.out.println("Oops: Password looks exposed and hence avoid using this");
} else {
System.out.println("Password is safe");
}
} else {
System.out.println("Oops! Try again with a valid password.");
}
}
}
package main
import (
"crypto/sha3"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"strings"
)
func main() {
var password string
fmt.Println("Enter the password:")
fmt.Scanln(&password)
if len(password) != 0 {
hash := sha3.New512()
hash.Write([]byte(password))
pwd_hash := hash.Sum(nil)[:10]
apiUrl := "https://passwords.xposedornot.com/api/v1/pass/anon/" + url.QueryEscape(string(pwd_hash))
resp, err := http.Get(apiUrl)
if err != nil {
fmt.Println(err)
return
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
fmt.Println("Oops: Password looks exposed and hence avoid using this")
} else {
fmt.Println("Password is safe")
}
} else {
fmt.Println("Oops! Try again with a valid password.")
}
}
extern crate tiny_keccak;
extern crate reqwest;
extern crate hex;
use std::io;
use tiny_keccak::Keccak;
use std::str;
fn main() {
let mut password = String::new();
println!("Enter the password:");
io::stdin().read_line(&mut password).unwrap();
if !password.trim().is_empty() {
let mut hasher = Keccak::new_keccak512();
hasher.update(password.as_bytes());
let mut res: [u8; 64] = [0; 64];
hasher.finalize(&mut res);
let pwd_hash = hex::encode(&res[0..5]); // Get 10 characters of hash
let apiUrl = format!("https://passwords.xposedornot.com/api/v1/pass/anon/{}", urlencoding::encode(&pwd_hash));
let resp = reqwest::get(&apiUrl).unwrap();
if !resp.status().is_success() {
println!("Oops: Password looks exposed and hence avoid using this");
} else {
println!("Password is safe");
}
} else {
println!("Oops! Try again with a valid password.");
}
}
如果我的密码泄露了,我该怎么办?
1.立即更改您的密码:如果您发现您的密码在数据泄露中遭到泄露,请立即将其更改为您在其他地方未使用的强而独特的密码。
2.开启双因素身份验证:通过打开双因素身份验证为您的帐户添加额外的安全层,这使得攻击者更难获得访问权限。
3.检查您的帐户活动:查看您的帐户活动日志,看看是否有任何奇怪或未经授权的活动,例如有人尝试登录或更改您的设置。
4.更新您的安全问题:如果您有与帐户相关的安全问题,请更新它们,因为它们也可能已被泄露。
5.检查您的其他帐户:检查您是否对任何其他帐户使用了相同或相似的密码,并将其更新为强大且唯一的密码。
6.密切关注您的财务状况:检查您的银行和信用卡帐户中是否有任何您不认识或未授权的交易。
7.报告违规行为:让相关当局了解数据泄露事件,无论是拥有受损帐户的公司还是政府机构。
8.使用密码管理器:考虑使用密码管理器为您的所有帐户创建和存储强而独特的密码。
9.保持警惕:留意任何身份盗用或欺诈活动的迹象,并立即报告任何可疑情况。
10.了解有关在线安全的更多信息:了解在线安全的最佳实践,并随时了解最新的威胁和漏洞。
数据泄露后你应该做什么
提醒我
哎呀! 请完成挑战,然后重试!
哎呀! 请输入有效的电子邮件以便收到提醒!
</div>