{"id":26977191,"url":"https://github.com/phrozen/password-breach-checker","last_synced_at":"2025-04-03T12:18:36.826Z","repository":{"id":197073219,"uuid":"697947398","full_name":"phrozen/password-breach-checker","owner":"phrozen","description":null,"archived":false,"fork":false,"pushed_at":"2023-09-28T20:43:14.000Z","size":2756,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-06-21T17:04:00.312Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phrozen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-09-28T20:02:24.000Z","updated_at":"2023-09-30T17:44:55.000Z","dependencies_parsed_at":"2023-09-28T23:24:04.728Z","dependency_job_id":null,"html_url":"https://github.com/phrozen/password-breach-checker","commit_stats":null,"previous_names":["phrozen/password-breach-checker"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrozen%2Fpassword-breach-checker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrozen%2Fpassword-breach-checker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrozen%2Fpassword-breach-checker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrozen%2Fpassword-breach-checker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phrozen","download_url":"https://codeload.github.com/phrozen/password-breach-checker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246998187,"owners_count":20866696,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-03T12:18:35.653Z","updated_at":"2025-04-03T12:18:36.805Z","avatar_url":"https://github.com/phrozen.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Password Breach Checker\n\nThe purpose of this repository is a proof of concept to make a clone of the API found at: [haveibeenpwned](https://haveibeenpwned.com/Passwords)\n\nThe general guideline is to explore optimization techniques in Go and use the provided password hash file as much as possible to avoid using any database while at the same time having a high performant service.\n\nTo download the password hashes file with counts (ordered by hash) go to [haveibeenpwned](https://haveibeenpwned.com/Passwords) and follow the instructions. Alternatively, go directly into the [PwnedPasswordsDownloader repository](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader), install the tool and run it locally to get the latest version (around 35.55GB with 866'044,561 hash/count pairs at the time of writing).\n\nCreate a `data` folder at the root and save your downloaded `.txt` file there, the database package tests expect the name `data/pwned-passwords-sha1-ordered-by-hash-v8.bin`, but name it as you want if not running tests. To get the `.bin` file, compile and run `cmd\\process` by passing the `.txt` file as an input with the `-f` flag. This will process the text file into binary with constant size per hash(20) + count(4) pair of 24 bytes. With the binary file, the database package can use **Memory Mapping** to perform **Binary Search** on it for a highly efficient, read-only, search engine.\n\nThe `cmd/check` utility can be used to quickly check a password against the database.\n\nThe `cmd/server` provides a quick API to check passwords against the database by receiving a SHA1 hash and returning a counter of breaches, where `0` means `Not Found` in the database. It includes a minimal frontend to test the API embedded in the binary. It has some flags to pass the binary database file, specify a port, or disable logging when running load tests.\n\n## K6 Load Testing\nA simple [K6](https://k6.io/) script is provided in the `load.js` file for Load Testing the API.\n\n```plain\n❯ k6 run --vus 30 --duration 60s load.js\n\n          /\\      |‾‾| /‾‾/   /‾‾/\n     /\\  /  \\     |  |/  /   /  /\n    /  \\/    \\    |     (   /   ‾‾\\\n   /          \\   |  |\\  \\ |  (‾)  |\n  / __________ \\  |__| \\__\\ \\_____/ .io\n\n  execution: local\n     script: load.js\n     output: -\n\n  scenarios: (100.00%) 1 scenario, 30 max VUs, 1m30s max duration (incl. graceful stop):\n           * default: 30 looping VUs for 1m0s (gracefulStop: 30s)\n\n\nrunning (1m00.0s), 00/30 VUs, 3012451 complete and 0 interrupted iterations\ndefault ✓ [======================================] 30 VUs  1m0s\n\n     data_received..................: 353 MB  5.9 MB/s\n     data_sent......................: 603 MB  10 MB/s\n     http_req_blocked...............: avg=1.41µs   min=0s med=0s      max=5.42ms  p(90)=0s     p(95)=0s\n     http_req_connecting............: avg=12ns     min=0s med=0s      max=1.91ms  p(90)=0s     p(95)=0s\n     http_req_duration..............: avg=450.23µs min=0s med=505.7µs max=26.5ms  p(90)=1ms    p(95)=1.09ms\n       { expected_response:true }...: avg=450.23µs min=0s med=505.7µs max=26.5ms  p(90)=1ms    p(95)=1.09ms\n     http_req_failed................: 0.00%   ✓ 0            ✗ 3012451\n     http_req_receiving.............: avg=19.32µs  min=0s med=0s      max=24.52ms p(90)=0s     p(95)=0s\n     http_req_sending...............: avg=10.09µs  min=0s med=0s      max=9.7ms   p(90)=0s     p(95)=0s\n     http_req_tls_handshaking.......: avg=0s       min=0s med=0s      max=0s      p(90)=0s     p(95)=0s\n     http_req_waiting...............: avg=420.81µs min=0s med=505µs   max=16.3ms  p(90)=1ms    p(95)=1.05ms\n     http_reqs......................: 3012451 50206.965562/s\n     iteration_duration.............: avg=592.1µs  min=0s med=539.5µs max=26.81ms p(90)=1.05ms p(95)=1.34ms\n     iterations.....................: 3012451 50206.965562/s\n     vus............................: 30      min=30         max=30\n     vus_max........................: 30      min=30         max=30\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphrozen%2Fpassword-breach-checker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphrozen%2Fpassword-breach-checker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphrozen%2Fpassword-breach-checker/lists"}