README
¶
nspv - NIST SP 800-63B Validator
nspv is a password validation library for Go, compatible with NIST Special Publication 800-63B.
Description
NIST Special Publication 800-63B is a notable guideline for digital identity / authentication.
nspv validates a password with policies based on this guideline. The policies are described below.
- Ensure the password length. (min 8 characters, max 64 characters, by default)
- Compare the password against a list that contains values known to be commonly-used, expected, or compromised. (use Have I Been Pwned internally)
- Judge the password could be predicable in the request context. (use Levenshtein Distance)
Installation
go get -u github.com/s-tajima/nspv
Usage
v := nspv.NewValidator()
v.SetDict([]string{"nist-sp-800-63"})
res, err := v.Validate("_sup3r_comp1ex_passw0rd_")
if err != nil {
// Something wrong with validataion. (e.g. HIBP API Error)
}
if res != nspv.Ok {
// Validation failure.
}
fmt.Println(result.String()) // Ok
res, _ = v.Validate("short")
fmt.Println(res.String()) // ViolateMinLengthCheck
res, _ = v.Validate("password")
fmt.Println(res.String()) // ViolateHibpCheck
res, _ = v.Validate("n1st-sp-800-63")
fmt.Println(res.String()) // ViolateDictCheck
License
Author
Documentation
¶
Index ¶
- Constants
- type Result
- type Validator
- func (v *Validator) SetDict(dict []string)
- func (v *Validator) SetHibpClientContext(ctx context.Context)
- func (v *Validator) SetHibpThreshold(threshold int)
- func (v *Validator) SetIgnoreHibpError(flag bool)
- func (v *Validator) SetLevenshteinThreshold(threshold int)
- func (v *Validator) SetMaxLength(length int)
- func (v *Validator) SetMinLength(length int)
- func (v *Validator) Validate(password string) (result Result, err error)
Constants ¶
const ( DefaultMinLength = 8 // Default minimum length of the password. DefaultMaxLength = 64 // Default maximum length of the password. DefaultHibpThreshold = 0 // Default threshold of HIBP count for the password. DefaultLevenshteinThreshold = 2 // Default threshold of the Levenshtein distance to the dictionary for the password. )
const (
HibpApiBaseURL = "https://api.pwnedpasswords.com"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Result ¶
type Result int
Result of the validation.
const ( Ok Result // Validation OK ViolateMinLengthCheck // Violate minimum length check. ViolateMaxLengthCheck // Violate maximum length check. ViolateDictCheck // Violate dictionary check. ViolateHibpCheck // Violate HIBP check. Error // Validation Error )
type Validator ¶
type Validator struct {
// contains filtered or unexported fields
}
Validator
func (*Validator) SetHibpClientContext ¶
SetHibpClientContext set context.Context for the request to HIBP.
func (*Validator) SetHibpThreshold ¶
SetHibpThreshold set threshold of HIBP count for the password.
func (*Validator) SetIgnoreHibpError ¶
SetIgnoreHibpError set the flag for ignore hibp error. (not recommended)
func (*Validator) SetLevenshteinThreshold ¶
SetLevenshteinThreshold set threshold of the Levenshtein distance to the dictionary for the password.
func (*Validator) SetMaxLength ¶
SetMaxLength set maximum length of the password.
func (*Validator) SetMinLength ¶
SetMinLength set minimum length of the password.
Source Files
Directories