mirror of
https://github.com/wneessen/apg-go.git
synced 2024-09-19 03:12:47 +02:00
Winni Neessen
5a29d4bc19
Even though the passwords are generated in a secure way, there is a minimal chance that the same password was used by someone before and was part of a leak. If you want to be on the safe side, you can now use the "-p" parameter to have your newly generated password checked against the HIBP (https://haveibeenpwned.com) database. This feature is disabled by default, since it requires internet access and the API call might take ~500ms to 1sec.
package main
import (
"bufio"
"crypto/sha1"
"fmt"
"log"
"net/http"
"strings"
"time"
)
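// checkHibp reports whether the password p appears in the Have I Been Pwned
// (HIBP) Pwned Passwords data set, using the range endpoint at
// api.pwnedpasswords.com.
//
// Only the first five hex characters of the SHA-1 digest of p are sent to the
// service. The remaining 35 characters are compared locally against the
// suffixes returned for that prefix, so neither the password nor its full hash
// leaves the process. SHA-1 is used here because the range endpoint is keyed
// on it; it is a lookup key, not a password-storage hash.
//
// It returns (true, nil) when the suffix is listed, (false, nil) when a
// successful response does not list it, and (false, err) when the request
// fails, the service answers with a status other than 200, or the response
// body cannot be read. Callers must treat a non-nil error as "unknown" and
// never as "not pwned". A false result only means the password is absent from
// the HIBP data; it says nothing about the strength of the password.
func checkHibp(p string) (bool, error) {
	digest := fmt.Sprintf("%x", sha1.Sum([]byte(p)))
	prefix, suffix := digest[:5], digest[5:]

	// Bounded timeout so a slow or unreachable API cannot stall the caller.
	client := &http.Client{Timeout: 2 * time.Second}
	res, err := client.Get("https://api.pwnedpasswords.com/range/" + prefix)
	if err != nil {
		return false, err
	}
	defer func() {
		if cerr := res.Body.Close(); cerr != nil {
			log.Printf("error while closing HTTP response body: %v", cerr)
		}
	}()

	// Fail closed: a rate-limit or server-error response carries no suffix
	// list, and scanning its body would otherwise yield a clean-looking
	// (false, nil) for a password that may well be in the data set.
	if res.StatusCode != http.StatusOK {
		return false, fmt.Errorf("hibp range api: unexpected HTTP status %d", res.StatusCode)
	}

	sc := bufio.NewScanner(res.Body)
	for sc.Scan() {
		// Each line has the form "<hash suffix>:<count>". The service sends
		// upper-case hex while digest is lower-case, hence the case-insensitive
		// comparison.
		fields := strings.SplitN(sc.Text(), ":", 2)
		if strings.EqualFold(fields[0], suffix) {
			return true, nil
		}
	}
	if err := sc.Err(); err != nil {
		// A truncated or unreadable body is not evidence of absence.
		return false, err
	}

	return false, nil
}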