pwnedpasswords

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 25, 2018 License: MIT Imports: 12 Imported by: 0

README

go-pwnedpasswords

License GoDoc Latest Git Tag Travis master Build Status Go Cover Test Coverage Go Report Card

Package pwnedpasswords implements a client for checking passwords against the "Have I Been Pwned", Pwned Passwords API. The Pwned Passwords API implements a k-Anonymity model that allows you to check your password against the database without providing the API the full password or full SHA-1 password hash.

This works by creating a SHA-1 hash of the password locally, hex-encodes the SHA-1 checksum, and then sends the first five bytes (prefix) to the Pwned Passwords API. The API then returns the suffix of hashes it has that start with that prefix. The client then compares the returned hashes locally to look for a match. This prevents the password, hashed or not, from leaving the local system.

License

This code is released under the MIT License. Please see the LICENSE for the full content of the license.

Usage

client, err := pwnedpasswords.New(pwnedpasswords.DefaultURL)
// handle error

compromiseCount, err := client.Check([]byte("password"))
// handle error

// password was compromised on at least compromiseCount sites
if compromiseCount > 0 {
	// handle situation where password is compromised
	// in other words, never using it ever again...
}

// password may not be compromised

Documentation

Overview

Package pwnedpasswords implements a client for checking passwords against the "Have I Been Pwned", Pwned Passwords API. The Pwned Passwords API implements a k-Anonymity model that allows you to check your password against the database without providing the API the full password or full SHA-1 password hash.

This works by creating a SHA-1 hash of the password locally, hex-encodes the SHA-1 checksum, and then sends the first five bytes (prefix) to the Pwned Passwords API. The API then returns the suffix of hashes it has that start with that prefix. The client then compares the returned hashes locally to look for a match. This prevents the password, hashed or not, from leaving the local system.

Index

Constants

View Source 
const DefaultURL = "https://api.pwnedpasswords.com/range/"

DefaultURL is the default URL to the Pwned Passwords API.

View Source 
const Version = "1.0.0"

Version is the package version.

Variables

This section is empty.

Functions

func HashPassword 

func HashPassword(password []byte) (prefix, suffix string)

HashPassword takes a password, returns the SHA-1 hash split in to the prefix and suffix. The prefix is what's used by the API, and the suffix should then be used to match returned results.

Note: the full hash should *NEVER* be written to disk or sent across the network. If the value makes its way somewhere, it could be used to crack the password. You should only transmit the prefix to the PwnedPasswords API.

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is for checking passwords against the Pwned Passwords API without leaking the password.

func New 

func New(urlStr string) (Client, error)

New returns a new Client for checking passwords against the API. The urlStr argument should be the full path to the API endpoint, including the trailing slash. A good default is pwnedpasswords.DefaultURL.

func (Client) Check 

func (c Client) Check(password []byte) (int, error)

Check returns the number of times the password appears in PwnedPassowrds, and any errors that occur. If the value of the int is 0, your password is clean. If the value is greater than 0, change your password!

Source Files

View all Source files

Directories

Path Synopsis
cmd
pp

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳