nspv is a password validation library for Go, compatible with NIST Special Publication 800-63B.
NIST Special Publication 800-63B is a notable guideline for digital identity / authentication.
nspv validates a password with policies based on this guideline. The policies are described below.
- Ensure the password length. (min 8 characters, max 64 characters, by default)
- Compare the password against a list that contains values known to be commonly-used, expected, or compromised. (use Have I Been Pwned internally)
- Judge whether the password could be predicable in the request context. (use Levenshtein Distance)
go get -u github.com/s-tajima/nspv
v := nspv.NewValidator()
v.SetDict([]string{"nist-sp-800-63"})
res, err := v.Validate("_sup3r_comp1ex_passw0rd_")
if err != nil {
// Something wrong with validataion. (e.g. HIBP API Error)
}
if res != nspv.Ok {
// Validation failure.
}
fmt.Println(result.String()) // Ok
res, _ = v.Validate("short")
fmt.Println(res.String()) // ViolateMinLengthCheck
res, _ = v.Validate("password")
fmt.Println(res.String()) // ViolateHibpCheck
res, _ = v.Validate("n1st-sp-800-63")
fmt.Println(res.String()) // ViolateDictCheck