univ-rennes2/pwned-passwords
Composer 安装命令:
composer require univ-rennes2/pwned-passwords
包简介
A PHP lib for Pwned Passwords's API
README 文档
README
A PHP library for the Pwned Passwords's API from Troy Hunt's Have I Been Pwned project.
The main feature compare to others is that you can configure your own API endpoint if don't want to use HIBP's API.
Table of Contents
What about security of the Pwned Password API ?
Testing real passwords on a remote API ? What about security and privacy ?
You don't send the password to the API, only the first 5 characters of the SHA1 password's hash are sent to the endpoint API. It's the implementation of a mathematical property called k-anonymity.
Not enough for you ? You can build your own API by using this Golang project :
- to build an optimized binary file from the official database files
- to run an httpd handler who reproduce the HIBP Pwned Password API.
This PHP Pwned Passwords lib permit you to change the API endpoint.
Read more about :
Install
composer require univ-rennes2/pwned-passwords
Usage
<?php
declare(strict_types=1);
require_once __DIR__ . '/vendor/autoload.php';
use UniversiteRennes2\PwnedPasswords\PwnedPasswords;
$PPApi = new PwnedPasswords();
// Set new URI for API if have local API server (like this API server in Golang : <https://github.com/tylerchr/pwnedpass>)
// default is set to Troy Hunt's API.
// $PPApi->setApiUrl('http://127.0.0.1:3000/range');
$password = '123456';
// Just test of pwned or not
if ($PPApi->isPwned($password)) {
// Pwned password
printf("%s have been pwned\n", $password);
} else {
// Not Pwned password
printf("%s have NOT been pwned\n", $password);
}
// To knows how many times it have been pwned
$pwned = $PPApi->howManyPwned($password);
if ($pwned > 0) {
// Pwned
printf("%s have been pwned %s times\n", $password, $pwned);
} else {
// Not pwned
printf("%s have NOT been pwned\n");
}
Contribute
See CONTRIBUTING.md
License
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License v3.0 or later as published by the Free Software Foundation.
The program in this repository meet the requirements to be REUSE compliant, meaning its license and copyright is expressed in such as way so that it can be read by both humans and computers alike.
For more information, see https://reuse.software/
univ-rennes2/pwned-passwords 适用场景与选型建议
univ-rennes2/pwned-passwords 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 44 次下载、GitHub Stars 达 1, 最近一次更新时间为 2019 年 02 月 12 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「password」 「password strength」 「haveibeenpwned」 「password policy」 「hibp」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 univ-rennes2/pwned-passwords 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 univ-rennes2/pwned-passwords 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 univ-rennes2/pwned-passwords 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
This package provides a validator for ensuring strong passwords in Laravel 6 applications.
The PHP class PasswordGenerator serves as a password generator to create memorable passwords like the keychain of macOS ≤ 10.14 did.
Provide a way to secure accesses to all routes of an symfony application.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
High-level cryptographic primitives and security utilities for Maatify systems including password hashing, reversible encryption, HKDF key derivation, and key rotation.
A library for reading KeePass 2.x databases
统计信息
- 总下载量: 44
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: LGPL-3.0-or-later
- 更新时间: 2019-02-12