pwned

package module

v0.0.0-...-9749f8d Latest Latest Go to latest Published: Mar 23, 2019 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ecnepsnai/go-pwnedpassword

Links

Open Source Insights

README ¶

Golang Pwned Passwords

A package to determine if a given password has been "pwned", meaning the password has been compromised and may be used in a credential stuffing type attack. This package makes use of the "pwned passwords" feature of "Have I Been Pwned" https://haveibeenpwned.com/, which was created by Troy Hunt.

Installation

go get "github.com/ecnepsnai/go-pwnedpassword/

Usage

To check if a password has been compromised:

import "github.com/ecnepsnai/go-pwnedpassword"

password := "Your Users Password"
result, err := pwned.IsPwned(password)
if err != nil {
    // Something went wrong (probably couldn't contact the pwned password API)
}

if !result.Pwned {
    // Password hasn't been seen before. Doesn't mean it's safe, just lucky.
} else {
    count := result.TimesObserved
    // Password has been seen `count` times before.
}

If you want, you can also use pwned.IsPwnedAsync to check asynchronously:

import "github.com/ecnepsnai/go-pwnedpassword"

pwned.IsPwnedAsync(req.Password, func(result *pwned.Result, err error) {
    if err != nil {
        // Something went wrong (probably couldn't contact the pwned password API)
    }

    if !result.Pwned {
        // Password hasn't been seen before. Doesn't mean it's safe, just lucky.
    } else {
        count := result.TimesObserved
        // Password has been seen `count` times before.
    }
})

License

MIT

go-pwnedpassword is not endorsed or affiliated with Troy Hunt, Have I Been Pwned, or Pwned Passwords.

Documentation ¶

Overview ¶

Package pwned A package to determine if a given password has been "pwned", meaning the password has been compromised and may be used in a credential stuffing type attack. This package makes use of the "pwned passwords" feature of "Have I Been Pwned" https://haveibeenpwned.com/Passwords, which was created by Troy Hunt.

Index ¶

func IsPwnedAsync(password string, cb func(*Result, error))
type Result
- func IsPwned(password string) (*Result, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsPwnedAsync ¶

func IsPwnedAsync(password string, cb func(*Result, error))

IsPwnedAsync will asynchronously check if the provided password has been pwned. Calls `cb` with the result when finished.

Types ¶

type Result ¶

type Result struct {
	// Pwned has the password been seen at least once. A value of false doesn't mean the password is any good though.
	Pwned bool
	// TimesObserved the number of times this password has been seen by the pwned password service.
	TimesObserved uint64
}

Result describes a result from the Pwned Password service.

func IsPwned ¶

func IsPwned(password string) (*Result, error)

IsPwned will synchronously check if the provided password has been pwned.

Source Files ¶

View all Source files

pwned.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL