How to improve users' passwords in Go applications?

Crunchy, a new library for Golang, will help you and the users of your app avoid weak passwords
02 August 2017

Very often hackers are able to hijack a user's account just because the password is too "weak" or too popular. Every experienced user has to remember simple rules and avoid using passwords like "qwerty" or "12345".

How can a developer help users create a solid password? By using reminders that notify the user about problems in the chosen password.

Crunchy, a new Go library, will help coders in this situation. It finds common flaws in passwords, like cracklib, but written in Go.

It can detect:

  • Empty passwords
  • Too short passwords
  • Too few different characters, like "abcddd"
  • Systematic passwords, like "abcdef" or "654321"
  • Passwords from a dictionary / wordlist
  • Mangled / reversed passwords like "p@ssw0rd" or "drowssap"

Your system dictionaries from /usr/share/dict will be indexed. If no dictionaries are found, crunchy relies only on the regular sanity checks (ErrEmpty, ErrTooShort and ErrTooSystematic). On Ubuntu it is recommended to install the wordlists distributed with cracklib-runtime; on macOS you can install cracklib-words from brew. You can also install various other language dictionaries or wordlists, e.g. from skullsecurity.org.

crunchy uses the Wagner-Fischer algorithm to find mangled passwords in your dictionaries.

You can learn more about Crunchy on GitHub.
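
The mangled and reversed password check described above, as an added Go sketch that is not crunchy's own code. The function names, the inline wordlist and the distance threshold of 2 are assumptions for illustration, and case is folded before comparison.

```go
package main

import (
	"fmt"
	"strings"
)

// editDistance is the Wagner-Fischer dynamic program, keeping two matrix rows.
func editDistance(a, b []rune) int {
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j // cost of building b[:j] from nothing
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			d := prev[j-1] // substitution, free when the runes match
			if a[i-1] != b[j-1] {
				d++
			}
			for _, c := range []int{prev[j] + 1, cur[j-1] + 1} { // deletion, insertion
				if c < d {
					d = c
				}
			}
			cur[j] = d
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// NearWord returns the first word within maxDist edits of pw or reversed pw, else "".
func NearWord(pw string, words []string, maxDist int) string {
	var fwd, rev []rune
	for _, r := range strings.ToLower(pw) {
		fwd, rev = append(fwd, r), append([]rune{r}, rev...)
	}
	for _, w := range words {
		if editDistance(fwd, []rune(w)) <= maxDist || editDistance(rev, []rune(w)) <= maxDist {
			return w
		}
	}
	return ""
}

func main() {
	words := []string{"password", "qwerty", "letmein"} // constructed sample wordlist
	fmt.Printf("%q %q\n", NearWord("p@ssw0rd", words, 2), NearWord("Tr4in-Lemon-Quilt", words, 2))
}
```

A check like this costs one distance computation per dictionary word and direction, so with a full system wordlist it is worth running the cheaper length and character checks first.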

NGINX to Release Unit 1.3 Beta

Developers expanded the ability to run web applications in Python, PHP, Perl, Ruby and Go
16 July 2018

A beta version of the NGINX Unit 1.3 application server has been made publicly available. Developers continued to expand the ability to run web applications in Python, PHP, Perl, Ruby and Go. The project code is written in C and is distributed under the Apache 2.0 license.

Features

Version 1.3 fixes problems with error handling when establishing HTTP connections.

Among other changes:

  • a max_body_size parameter to limit the size of the request body;
  • new parameters for setting timeouts on HTTP connections:
          {
              "settings": {
                  "http": {
                      "header_read_timeout": 30,
                      "body_read_timeout": 30,
                      "send_timeout": 30,
                      "idle_timeout": 180,
                      "max_body_size": 8388608
                  }
              }
          }
  • automatic use of Bundler where possible in the Ruby module;
  • support for the http.Flusher interface in the Go module;
  • the possibility of using UTF-8 encoded characters in request headers.

The first version of the NGINX 1.1 application server was released in mid-April 2018. Under the control of NGINX Unit, several applications written in different programming languages can run simultaneously, and their startup parameters can be changed dynamically without editing configuration files or restarting.