How to improve users' passwords in Go applications?

Crunchy, new library for Goland, will help you and users of your app to avoid weak passwords
02 August 2017   513
Go

Open source project developed by a team at Google and many contributors from the open source community.

Very often hackers are able to hijack user's account just because passwords are too "weak" or popular. Every experienced user have to remember simple rules and avoid using passwords like "qwerty" or "12345".

How can a developer help user to create a solid password? By using the special reminders, that will notify user about the problem in his password.

Crunchy, a new Go library will coder in this situation. It finds common flaws in passwords. Like cracklib, but written in Go.

It can detect:

  • Empty passwords
  • Too short passwords
  • Too few different characters, like "abcddd"
  • Systematic passwords, like "abcdef" or "654321"
  • Passwords from a dictionary / wordlist
  • Mangled / reversed passwords like "p@ssw0rd" or "drowssap"

Your system dictionaries from /usr/share/dict will be indexed. If no dictionaries were found, crunchy only relies on the regular sanity checks (ErrEmpty, ErrTooShort and ErrTooSystematic). On Ubuntu it is recommended to install the wordlists distributed with cracklib-runtime, on macOS you can install cracklib-words from brew. You could also install various other language dictionaries or wordlists, e.g. from skullsecurity.org.

crunchy uses the WagnerFischer algorithm to find mangled passwords in your dictionaries.

You can learn more about Crunchy at GitHub

Brigade launched

Event-driven scripting tool for Kubernetes released by Microsoft
31 October 2017   447

Microsoft has unveiled its new Open Source development for the needs of DevOps, a Brigade utility designed to run scripts that are executed on a Kubernetes cluster on an event.

The Brigade utility was created by former employees of Deis, a company that Microsoft bought earlier this year. Deis was working on Kubernetes, Helm and Draft. The purpose of Brigade is to "script simple and complex workflows using JavaScript." The solution allows to associate containers by running them sequentially or in parallel and invoking scripts based on time, events in GitHub (also supported by "DockerHub and other popular web services"), push operations in Docker or other triggers. Readme of the project describes it as "a tool for creating pipelines for Kubernetes".

Brigade architecture
Brigade architecture 

Brigade is written in Go and TypeScript / JavaScript, it functions as a service inside Kubernetes. The job (task) in Brigade is a JavaScript script that is interpreted by the product service, which leads to the creation of the necessary resources in Kubernetes. Next, Brigade expects events and performs the corresponding task trigger. It is assumed that the new solution is well suited for the tasks of continuous integration and delivery of applications (CI / CD), tk. simplifies automated testing, assembly of artifacts and releases, management of software deployment.

Check GitHub for more information.