Created
June 17, 2012 16:08
-
-
Save trietptm/2944967 to your computer and use it in GitHub Desktop.
view-source:http://leakedin.org/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta name="description" content="LeakedIn: Is your password safe?"> | |
| <title>LeakedIn: Is your password safe?</title> | |
| <style type="text/css"> | |
| body { | |
| background: #fff; | |
| text-align: left; | |
| max-width: 500px; | |
| margin: 40px auto; | |
| padding: 0; | |
| color: #333; | |
| } | |
| h1 { | |
| font: normal bold 24px/32px Georgia, serif; | |
| cursor: pointer; | |
| display: block; | |
| padding: 0 15px; | |
| } | |
| p { | |
| font: normal normal 16px/24px Georgia, serif; | |
| padding: 0 15px; | |
| margin-bottom: 12px; | |
| } | |
| form { | |
| display: none; | |
| } | |
| label > span { | |
| font-weight: normal; | |
| color: #888; | |
| } | |
| input[type="text"] { | |
| -webkit-box-sizing: border-box; | |
| -moz-box-sizing: border-box; | |
| box-sizing: border-box; | |
| width: 100%; | |
| padding: 10px; | |
| margin: 20px 0; | |
| font: normal normal 16px/24px Georgia, serif; | |
| } | |
| button { | |
| border-radius: 2px; | |
| background: #0073B2; | |
| background: -webkit-linear-gradient(top, #2295d4, #0073B2); | |
| background: -moz-linear-gradient(top, #2295d4, #0073B2); | |
| box-shadow: inset 0 0 0 1px #2295d4; | |
| border: 1px solid #0073B2; | |
| color: #fff; | |
| cursor: pointer; | |
| padding: 5px 10px; | |
| font: normal normal 16px/24px Georgia, serif; | |
| display: block; | |
| min-width: 100px; | |
| } | |
| button:hover { | |
| background: #2295d4; | |
| } | |
| fieldset { | |
| -webkit-box-sizing: border-box; | |
| -moz-box-sizing: border-box; | |
| box-sizing: border-box; | |
| padding: 15px; | |
| background: #eee; | |
| border: 1px solid #ddd; | |
| margin: 0; | |
| } | |
| em { | |
| font-weight: bold; | |
| } | |
| ul, | |
| ol { | |
| display: block; | |
| padding: 0; | |
| } | |
| ol > li { | |
| font: normal normal 16px/24px Georgia, serif; | |
| padding: 10px 15px; | |
| } | |
| ul > li { | |
| background: #FF8000; | |
| list-style: none; | |
| display: block; | |
| color: #fff; | |
| border-bottom: 1px solid #ee7000; | |
| font: normal normal 16px/24px Georgia, serif; | |
| padding: 10px 20px; | |
| } | |
| ul > li.danger-zone { | |
| background: #D52129; | |
| border-bottom: 1px solid #c41018; | |
| } | |
| ul > li.safe { | |
| background: #51B749; | |
| border-bottom: 1px solid #40a638; | |
| } | |
| ul > li > a { | |
| color: #fff; | |
| } | |
| .strike { | |
| text-decoration: line-through; | |
| } | |
| #footer { | |
| margin: 48px 15px; | |
| padding-left: 121px; | |
| position: relative; | |
| } | |
| #footer > p { | |
| margin: 12px 0 0; | |
| padding: 0; | |
| } | |
| #fk { | |
| background: url('fk.png') 0 0 no-repeat transparent; | |
| display: block; | |
| height: 36px; | |
| width: 116px; | |
| position: absolute; | |
| left: 0; | |
| top: 50%; | |
| margin-top: -20px; | |
| text-indent: -9999px; | |
| } | |
| </style> | |
| <script type="application/javascript"> | |
| /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
| /* SHA-1 implementation in JavaScript | (c) Chris Veness 2002-2010 | www.movable-type.co.uk */ | |
| /* - see http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html */ | |
| /* http://csrc.nist.gov/groups/ST/toolkit/examples.html */ | |
| /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
| var Sha1 = {}; // Sha1 namespace | |
| /** | |
| * Generates SHA-1 hash of string | |
| * | |
| * @param {String} msg String to be hashed | |
| * @param {Boolean} [utf8encode=true] Encode msg as UTF-8 before generating hash | |
| * @returns {String} Hash of msg as hex character string | |
| */ | |
| Sha1.hash = function(msg, utf8encode) { | |
| utf8encode = (typeof utf8encode == 'undefined') ? true : utf8encode; | |
| // convert string to UTF-8, as SHA only deals with byte-streams | |
| if (utf8encode) msg = Utf8.encode(msg); | |
| // constants [§4.2.1] | |
| var K = [0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6]; | |
| // PREPROCESSING | |
| msg += String.fromCharCode(0x80); // add trailing '1' bit (+ 0's padding) to string [§5.1.1] | |
| // convert string msg into 512-bit/16-integer blocks arrays of ints [§5.2.1] | |
| var l = msg.length/4 + 2; // length (in 32-bit integers) of msg + ‘1’ + appended length | |
| var N = Math.ceil(l/16); // number of 16-integer-blocks required to hold 'l' ints | |
| var M = new Array(N); | |
| for (var i=0; i<N; i++) { | |
| M[i] = new Array(16); | |
| for (var j=0; j<16; j++) { // encode 4 chars per integer, big-endian encoding | |
| M[i][j] = (msg.charCodeAt(i*64+j*4)<<24) | (msg.charCodeAt(i*64+j*4+1)<<16) | | |
| (msg.charCodeAt(i*64+j*4+2)<<8) | (msg.charCodeAt(i*64+j*4+3)); | |
| } // note running off the end of msg is ok 'cos bitwise ops on NaN return 0 | |
| } | |
| // add length (in bits) into final pair of 32-bit integers (big-endian) [§5.1.1] | |
| // note: most significant word would be (len-1)*8 >>> 32, but since JS converts | |
| // bitwise-op args to 32 bits, we need to simulate this by arithmetic operators | |
| M[N-1][14] = ((msg.length-1)*8) / Math.pow(2, 32); M[N-1][14] = Math.floor(M[N-1][14]) | |
| M[N-1][15] = ((msg.length-1)*8) & 0xffffffff; | |
| // set initial hash value [§5.3.1] | |
| var H0 = 0x67452301; | |
| var H1 = 0xefcdab89; | |
| var H2 = 0x98badcfe; | |
| var H3 = 0x10325476; | |
| var H4 = 0xc3d2e1f0; | |
| // HASH COMPUTATION [§6.1.2] | |
| var W = new Array(80); var a, b, c, d, e; | |
| for (var i=0; i<N; i++) { | |
| // 1 - prepare message schedule 'W' | |
| for (var t=0; t<16; t++) W[t] = M[i][t]; | |
| for (var t=16; t<80; t++) W[t] = Sha1.ROTL(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16], 1); | |
| // 2 - initialise five working variables a, b, c, d, e with previous hash value | |
| a = H0; b = H1; c = H2; d = H3; e = H4; | |
| // 3 - main loop | |
| for (var t=0; t<80; t++) { | |
| var s = Math.floor(t/20); // seq for blocks of 'f' functions and 'K' constants | |
| var T = (Sha1.ROTL(a,5) + Sha1.f(s,b,c,d) + e + K[s] + W[t]) & 0xffffffff; | |
| e = d; | |
| d = c; | |
| c = Sha1.ROTL(b, 30); | |
| b = a; | |
| a = T; | |
| } | |
| // 4 - compute the new intermediate hash value | |
| H0 = (H0+a) & 0xffffffff; // note 'addition modulo 2^32' | |
| H1 = (H1+b) & 0xffffffff; | |
| H2 = (H2+c) & 0xffffffff; | |
| H3 = (H3+d) & 0xffffffff; | |
| H4 = (H4+e) & 0xffffffff; | |
| } | |
| return Sha1.toHexStr(H0) + Sha1.toHexStr(H1) + | |
| Sha1.toHexStr(H2) + Sha1.toHexStr(H3) + Sha1.toHexStr(H4); | |
| } | |
| // | |
| // function 'f' [§4.1.1] | |
| // | |
| Sha1.f = function(s, x, y, z) { | |
| switch (s) { | |
| case 0: return (x & y) ^ (~x & z); // Ch() | |
| case 1: return x ^ y ^ z; // Parity() | |
| case 2: return (x & y) ^ (x & z) ^ (y & z); // Maj() | |
| case 3: return x ^ y ^ z; // Parity() | |
| } | |
| } | |
| // | |
| // rotate left (circular left shift) value x by n positions [§3.2.5] | |
| // | |
| Sha1.ROTL = function(x, n) { | |
| return (x<<n) | (x>>>(32-n)); | |
| } | |
| // | |
| // hexadecimal representation of a number | |
| // (note toString(16) is implementation-dependant, and | |
| // in IE returns signed numbers when used on full words) | |
| // | |
| Sha1.toHexStr = function(n) { | |
| var s="", v; | |
| for (var i=7; i>=0; i--) { v = (n>>>(i*4)) & 0xf; s += v.toString(16); } | |
| return s; | |
| } | |
| /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
| /* Utf8 class: encode / decode between multi-byte Unicode characters and UTF-8 multiple */ | |
| /* single-byte character encoding (c) Chris Veness 2002-2010 */ | |
| /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
| var Utf8 = {}; // Utf8 namespace | |
| /** | |
| * Encode multi-byte Unicode string into utf-8 multiple single-byte characters | |
| * (BMP / basic multilingual plane only) | |
| * | |
| * Chars in range U+0080 - U+07FF are encoded in 2 chars, U+0800 - U+FFFF in 3 chars | |
| * | |
| * @param {String} strUni Unicode string to be encoded as UTF-8 | |
| * @returns {String} encoded string | |
| */ | |
| Utf8.encode = function(strUni) { | |
| // use regular expressions & String.replace callback function for better efficiency | |
| // than procedural approaches | |
| var strUtf = strUni.replace( | |
| /[\u0080-\u07ff]/g, // U+0080 - U+07FF => 2 bytes 110yyyyy, 10zzzzzz | |
| function(c) { | |
| var cc = c.charCodeAt(0); | |
| return String.fromCharCode(0xc0 | cc>>6, 0x80 | cc&0x3f); } | |
| ); | |
| strUtf = strUtf.replace( | |
| /[\u0800-\uffff]/g, // U+0800 - U+FFFF => 3 bytes 1110xxxx, 10yyyyyy, 10zzzzzz | |
| function(c) { | |
| var cc = c.charCodeAt(0); | |
| return String.fromCharCode(0xe0 | cc>>12, 0x80 | cc>>6&0x3F, 0x80 | cc&0x3f); } | |
| ); | |
| return strUtf; | |
| } | |
| /** | |
| * Decode utf-8 encoded string back into multi-byte Unicode characters | |
| * | |
| * @param {String} strUtf UTF-8 string to be decoded back to Unicode | |
| * @returns {String} decoded string | |
| */ | |
| Utf8.decode = function(strUtf) { | |
| // note: decode 3-byte chars first as decoded 2-byte strings could appear to be 3-byte char! | |
| var strUni = strUtf.replace( | |
| /[\u00e0-\u00ef][\u0080-\u00bf][\u0080-\u00bf]/g, // 3-byte chars | |
| function(c) { // (note parentheses for precence) | |
| var cc = ((c.charCodeAt(0)&0x0f)<<12) | ((c.charCodeAt(1)&0x3f)<<6) | ( c.charCodeAt(2)&0x3f); | |
| return String.fromCharCode(cc); } | |
| ); | |
| strUni = strUni.replace( | |
| /[\u00c0-\u00df][\u0080-\u00bf]/g, // 2-byte chars | |
| function(c) { // (note parentheses for precence) | |
| var cc = (c.charCodeAt(0)&0x1f)<<6 | c.charCodeAt(1)&0x3f; | |
| return String.fromCharCode(cc); } | |
| ); | |
| return strUni; | |
| } | |
| /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ | |
| function hashIt() { | |
| var el = document.getElementById('check'); | |
| if (el.value.match(/^[a-f0-9]{40}$/)) return; | |
| el.value = Sha1.hash(el.value); | |
| } | |
| window.onload = function () { | |
| document.getElementById('leakedin-check').style.display = 'block'; | |
| }; | |
| </script> | |
| </head> | |
| <body> | |
| <h1>LeakedIn</h1> | |
| <p>We have some bad news. 6.5 million LinkedIn passwords (unsalted SHA-1 hashes) were <a href="http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/">leaked</a>, and many of those have already been cracked. (See <a href="http://shiflett.org/blog/2012/jun/leakedin">Chris’s post</a> for more info.) Some of us were victims, and we want to help you find out if you were a victim, too.</p> | |
| <ol> | |
| <li>To be safe, you should consider your LinkedIn password unusable. In other words, <em>change it on LinkedIn</em> and on every site where you use the same password. <em>Never use it again</em>.</li> | |
| <li>If you want to find out if your password was one of the 6.5 million leaked passwords, enter it below. This should not be your current LinkedIn password. <em>You already changed it, right?</em></li> | |
| <li>No one can be certain that only 6.5 million passwords were leaked, so even if yours isn’t found, <em>we still recommend changing it</em>.</li> | |
| </ol> | |
| <noscript> | |
| <p>You must enable <em>Javascript</em> to check your password.<p> | |
| </noscript> | |
| <form id="leakedin-check" onsubmit="hashIt()"> | |
| <fieldset> | |
| <input autocomplete="off" type="text" name="check" id="check" onblur="hashIt()" placeholder="Type your password here" /> | |
| <button type="submit">Check</button> | |
| </fieldset> | |
| </form> | |
| <div id="footer"> | |
| <p><a id="fk" href="http://fictivekin.com">Fictive Kin</a> and <a href="http://shiflett.org/">friends</a>.</p> | |
| </div> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment