Skip to content

mprencipe/pasuri

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
db
db
 
 
filldb
filldb
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
fill-db.sh
fill-db.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
test.sh
test.sh
 
 

Repository files navigation

Pasuri

A simple web service for determining has a password been leaked. Similar to the haveibeenpwned API but runnable in an environment where you don't have internet access. Implements k-anonymity.

Pasuri accepts a five character prefix of a SHA1 hashed password and returns their hash suffixes in JSON format. It is left to the user to compare the prefix and suffix to their full password hash.

Example response when queried with hash?prefix=9D4E1:

[
    "00CEA54681AAC972C1DD81152CB6F840B24",
    "00FCD1A8AAD59272746DDB3E8B0F9151A39",
    "011729341632C79E7484B8EA9D1511DF5B2"
]

Pasuri is written in Go and uses SQLite. The motivation for choosing SQLite is it's small size and the simplicity of the data structures. SQLite is good at optimizing integer storage so hashes are persisted as integers instead of hex strings.

Check out and install dependencies

git clone https://github.com/mprencipe/pasuri.git
go get

Run tests

./test.sh

Generate a database (pass.db) from plaintext (-t) or hash files (-h).

./fill-db.sh -t passwords.txt -h hashes.txt

Run with Docker

The Access-Control-Allow-Origin header can be controlled with the optional environmental variable CORS.

go build
docker build -t mprencipe/pasuri:0.1 .
docker run --rm -p 8080:8080 -e CORS=* --name pasuri mprencipe/pasuri:0.1

Run without Docker

# export CORS=*
go build
./pasuri

About

Leaked password validator with k-anonymity.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages