pwCheck is a utility package that estimates passphrase strength using the Dropbox zxcvbn method and verifies that a passphrase has not been compromised in a previous breach using the https://haveibeenpwned.com API.
```sh
go get github.com/dwin/pwCheck
```

```go
// ClientTimeout specifies the timeout of the HTTP API Client in seconds.
// A Timeout of zero means no timeout.
var ClientTimeout = 5

// Pwd is returned as a struct pointer when calling CheckForPwnage
type Pwd struct {
	Pwned      bool   // Pwned returns true if passphrase is found pwned via API
	Pass       string // Pass returns the passphrase string passed to the function
	TimesPwned int    // TimesPwned returns the number of times the passphrase was found in the database
}

// CheckResult is returned as a struct when calling CheckPass()
type CheckResult struct {
	Pwned            bool    // Pwned indicates if the pass given was found in previous breach
	Pass             string  // Pass returns the string passed to the function
	Score            int     // Score returns a 0-4 score of password strength, useful for gauge etc.
	CrackTimeSeconds float64 // CrackTimeSeconds indicates the estimated time in seconds to crack this password at ~10ms per guess
	CrackTimeDisplay string  // CrackTimeDisplay indicates the estimated time to crack the password at ~10ms per guess, displayed in units from seconds to years or centuries
}
```

CheckPass() sends a partial SHA-1 hash of the password to the HaveIBeenPwned.com API to check for previous compromise, and also computes strength using the Dropbox "zxcvbn: realistic password strength estimation" method via zxcvbn-go.
See other examples.
```go
func example() {
	// form.Data stands in for however the application reads the submitted password.
	userPass := form.Data("password")
	checkRes, err := pwcheck.CheckPass(userPass)
	if err != nil {
		// Handle error
		return
	}
	if checkRes.Pwned {
		// If pwned, this password was found in the compromised password database
		// and you should handle or inform the user.
	}
	if checkRes.Score < 1 {
		// If score is less than 1, this is a weak password and should not be used
	}
}
```

- HTTP Client Timeout