pwned-passwords | checking values against compromised HIBP | Identity Management library

by mattevans Go Version: v0.5.0 License: MIT

X-Ray Key Features Code Snippets Community Discussions(2)Vulnerabilities Install Support

kandi X-RAY | pwned-passwords Summary

pwned-passwords is a Go library typically used in Security, Identity Management applications. pwned-passwords has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub.

Go client library for checking values against compromised HIBP Pwned Passwords

Support

Quality

Security

License

Reuse

Support

pwned-passwords has a low active ecosystem.

It has 83 star(s) with 3 fork(s). There are 2 watchers for this library.

It had no major release in the last 12 months.

There are 1 open issues and 2 have been closed. On average issues are closed in 642 days. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of pwned-passwords is v0.5.0

Quality

pwned-passwords has no bugs reported.

Security

pwned-passwords has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

License

pwned-passwords is licensed under the MIT License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

pwned-passwords releases are available to install and integrate.

Installation instructions, examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi has reviewed pwned-passwords and discovered the below as its top functions. This is intended to give you an instant insight into pwned-passwords implemented functionality, and help decide if they suit your requirements.

NewRequest creates an API request .
NewClient returns a new Client .
hashString returns the sha1 hash of the given value .

Get all kandi verified functions for this library.

pwned-passwords Key Features

No Key Features are available at this moment for pwned-passwords.

pwned-passwords Examples and Code Snippets

No Code Snippets are available at this moment for pwned-passwords.

Community Discussions

Trending Discussions on pwned-passwords

Fastest way to index large sorted hash file

Why the most common prefix of hashed (SHA1) passwords is "00000"?

QUESTION

Fastest way to index large sorted hash file

Asked 2020-May-12 at 09:09

I am building a file-based index for the sorted haveibeenpwned passwords text file and it got me wondering what's the fastest way to do this?

I figured a good way to build a quickly grep-able index would be split the sorted file into 256 files named with the first two hex digits (i.e. FF.txt, FE.txt, etc). I found ripgrep rg to be about 5 times faster than grep on my computer. So I tried something like this:

...

ANSWER

Answered 2019-May-16 at 17:17

ripgrep, like any other tool that's able to work with unsorted input files at all, is the wrong tool for this job. When you're trying to grep sorted inputs, you want something that can bisect your input file to find a position in logarithmic time. For big enough inputs, even a slow O(log n) implementation will be faster than a highly optimized O(n) one.

pts-line-bisect is one such tool, though of course you're also welcome to write your own. You'll need to write it in a language with full access to the seek() syscall, which is not exposed in bash.

Source https://stackoverflow.com/questions/56173438

QUESTION

Why the most common prefix of hashed (SHA1) passwords is "00000"?

Asked 2019-Feb-03 at 06:59

I was reading a post in Troy Hunt's blog (https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/), about a feature called "Pwned Passwords" that checks if your password is in a database with more than 1 billion leaked passwords.

To do this check without passing your password, the client code hash it and pass just the first five chars of this hash, the backend returns all the sha1 hashes of the passwords that starts with the prefix that you passed. Then, to check if the hash of your password is in the database or not, the comparison is made on client code.

And he put some info about the data of these hashed passwords...

Every hash prefix from 00000 to FFFFF is populated with data (16^5 combinations)

The average number of hashes returned is 478

The smallest is 381 (hash prefixes "E0812" and "E613D")

The largest is 584 (hash prefixes "00000" and "4A4E8")

In the comments, people was wondering if the presence of this "00000" is a coincidence or is math...

Could someone that understands the SHA1 algorithm explain it to us?

...

ANSWER

Answered 2018-Feb-25 at 06:36

It's either a coincidence, or (less likely) an artifact/error in acquiring or assembling the results for publication.

Not that it looks like a significant outlier. The spread that's described (381 min, 478 average, 584 max) seems like an even spread for the sample size. A graph of the entire corpus would probably look pretty random.

Like any reasonably constructed hashing algorithm, character frequency in SHA1 results should be randomly distributed. (If SHA1 had some kind of bias, this would be major news in the math and cryptography/cryptology community!)

Source https://stackoverflow.com/questions/48932841

Community Discussions, Code Snippets contain sources that include Stack Exchange Network