wneessen/apg-go
1
1
Fork 0
mirror of https://github.com/wneessen/apg-go.git synced 2024-11-09 15:52:54 +01:00
Code Issues Projects Releases Packages Wiki Activity
apg-go/hibp.go

45 lines
865 B
Go
Raw Normal View History

Added optional HIBP database check Even though the generated passwords are generated in a secure way, there is a minimal chance, that the same password was used by someone before and this password was part of a leak. If you want to be on the safe side, you can now use the "-p" parameter, to have your newly generated password against the HIBP (https://haveibeenpwned.com) database. This feature is disabled by default, since it requires internet access and also the API call might take ~500ms to 1sec.
2021-04-29 12:22:10 +02:00
package main
import (
"bufio"
"crypto/sha1"
"fmt"
"log"
"net/http"
"strings"
"time"
)
func checkHibp(p string) (bool, error) {
shaSum := fmt.Sprintf("%x", sha1.Sum([]byte(p)))
firstPart := shaSum[0:5]
secondPart := shaSum[5:]
isPwned := false
httpClient := &http.Client{Timeout: time.Second * 2}
httpRes, err := httpClient.Get("https://api.pwnedpasswords.com/range/" + firstPart)
if err != nil {
return false, err
}
defer func() {
err := httpRes.Body.Close()
if err != nil {
log.Printf("error while closing HTTP response body: %v", err)
}
}()
scanObj := bufio.NewScanner(httpRes.Body)
for scanObj.Scan() {
scanLine := strings.SplitN(scanObj.Text(), ":", 2)
if strings.ToLower(scanLine[0]) == secondPart {
isPwned = true
break
}
}
if err := scanObj.Err(); err != nil {
return isPwned, err
}
return isPwned, nil
}
Reference in a new issue Copy permalink