go-hibp

wneessen/go-hibp

Fork 0

mirror of https://github.com/wneessen/go-hibp.git synced 2024-11-09 15:32:52 +01:00

Commit graph

Author	SHA1	Message	Date
Winni Neessen	179cd36d7f	#27 : Implement NTLM hash support for PwnedPassAPI This PR implements support for NTLM hashes as announced by Troy Hunt: https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768 For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib" A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will operate on NTLM hashes. Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`	2023-02-09 17:07:20 +01:00

Author

SHA1

Message

Date

Winni Neessen

179cd36d7f

#27 : Implement NTLM hash support for PwnedPassAPI

This PR implements support for NTLM hashes as announced by Troy Hunt:
https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768

For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib"

A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will  operate on NTLM hashes.

Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`

2023-02-09 17:07:20 +01:00

1 commit