mirror of
https://github.com/wneessen/apg-go.git
synced 2024-11-22 05:40:51 +01:00
Add HIBP password check functionality
Implemented a HIBP password check feature that cross-checks generated passwords against the HIBP pwned passwords database. This functionality enhances security by not recommending potentially compromised passwords. A new flag, CheckHIBP, has been added to enable or disable this feature.
parent
4b0437d3b1
commit
87f93ddbc6
5 changed files with 36 additions and 1 deletions
|
@ -43,6 +43,7 @@ func main() {
|
||||||
flag.Int64Var(&config.NumberPass, "n", config.NumberPass, "")
|
flag.Int64Var(&config.NumberPass, "n", config.NumberPass, "")
|
||||||
flag.BoolVar(&config.SpellPassword, "l", false, "")
|
flag.BoolVar(&config.SpellPassword, "l", false, "")
|
||||||
flag.BoolVar(&config.SpellPronounceable, "t", false, "")
|
flag.BoolVar(&config.SpellPronounceable, "t", false, "")
|
||||||
|
flag.BoolVar(&config.CheckHIBP, "p", false, "")
|
||||||
flag.Usage = usage
|
flag.Usage = usage
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
|
@ -132,6 +133,17 @@ func main() {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
fmt.Println(password)
|
fmt.Println(password)
|
||||||
|
|
||||||
|
if config.CheckHIBP {
|
||||||
|
pwned, err := apg.HasBeenPwned(password)
|
||||||
|
if err != nil {
|
||||||
|
_, _ = fmt.Fprintf(os.Stderr, "failed to check HIBP database: %s\n", err)
|
||||||
|
}
|
||||||
|
if pwned {
|
||||||
|
fmt.Print("^-- !!WARNING: The previously generated password was found in " +
|
||||||
|
"HIBP database. Do not use it!!\n")
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
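Review bot: The pwned warning is written with `fmt.Print` to stdout after `fmt.Println(password)` has already emitted the password, so output piped into a script or password store still contains the flagged password plus a warning line that can be read as another entry. Writing the warning to stderr, `_, _ = fmt.Fprint(os.Stderr, "^-- !!WARNING: ...")`, keeps stdout to passwords only, and running the check before the `fmt.Println(password)` call would let a flagged password be skipped instead of printed. When `HasBeenPwned` returns an error the password is still presented with only a stderr message, so on stdout a failed lookup looks the same as a clean result. The enclosing loop in `main` starts and ends outside this hunk.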
|
@ -15,8 +15,11 @@ const (
|
||||||
|
|
||||||
// Config represents the apg.Generator config parameters
|
// Config represents the apg.Generator config parameters
|
||||||
type Config struct {
|
type Config struct {
|
||||||
// Algo
|
// Algorithm sets the Algorithm used for the password generation
|
||||||
Algorithm Algorithm
|
Algorithm Algorithm
|
||||||
|
// CheckHIBP sets a flag if the generated password has to be checked
|
||||||
|
// against the HIBP pwned password database
|
||||||
|
CheckHIBP bool
|
||||||
// FixedLength sets a fixed length for generated passwords and ignores
|
// FixedLength sets a fixed length for generated passwords and ignores
|
||||||
// the MinLength and MaxLength values
|
// the MinLength and MaxLength values
|
||||||
FixedLength int64
|
FixedLength int64
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -1,3 +1,5 @@
|
||||||
module src.neessen.cloud/wneessen/apg-go
|
module src.neessen.cloud/wneessen/apg-go
|
||||||
|
|
||||||
go 1.22
|
go 1.22
|
||||||
|
|
||||||
|
require github.com/wneessen/go-hibp v1.0.6
|
||||||
|
|
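--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,2 @@
+github.com/wneessen/go-hibp v1.0.6 h1:RpV540tVJpxefjCCctzq1cQaIFFlkd3nh+HhPVD6Hys=
+github.com/wneessen/go-hibp v1.0.6/go.mod h1:Ldg6DQg4fMCveVKgL+RL9Jy+9TsljjAP704Ix8X3jOw=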
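--- a/hibp.go
+++ b/hibp.go
@@ -0,0 +1,16 @@
+package apg
+
+import (
+"time"
+
+"github.com/wneessen/go-hibp"
+)
+
+// HasBeenPwned checks the given password string against the HIBP pwned
+// passwords database and returns true if the password has been leaked
+func HasBeenPwned(password string) (bool, error) {
+hc := hibp.New(hibp.WithHTTPTimeout(time.Second*2),
+hibp.WithPwnedPadding())
+matches, _, err := hc.PwnedPassAPI.CheckPassword(password)
+return matches != nil && matches.Count != 0, err
+}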
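Review bot: `HasBeenPwned` returns `false` alongside a non-nil error, so any caller that reads only the bool treats a password that could not be checked as clean; the doc comment should say so, e.g. `// The returned bool is only meaningful when the error is nil.` The comment could also state what leaves the machine: as far as I know go-hibp's `CheckPassword` hashes the password and queries the range API with a hash prefix only, which is worth confirming and documenting in a password generator. A client with a hard-coded 2-second timeout is built on every call; a package-level client would avoid rebuilding it when many passwords are generated in one run.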