How to improve users' passwords in Go applications?

Crunchy, new library for Goland, will help you and users of your app to avoid weak passwords
02 August 2017   1132
Go

Open source project developed by a team at Google and many contributors from the open source community.

Very often hackers are able to hijack user's account just because passwords are too "weak" or popular. Every experienced user have to remember simple rules and avoid using passwords like "qwerty" or "12345".

How can a developer help user to create a solid password? By using the special reminders, that will notify user about the problem in his password.

Crunchy, a new Go library will coder in this situation. It finds common flaws in passwords. Like cracklib, but written in Go.

It can detect:

  • Empty passwords
  • Too short passwords
  • Too few different characters, like "abcddd"
  • Systematic passwords, like "abcdef" or "654321"
  • Passwords from a dictionary / wordlist
  • Mangled / reversed passwords like "p@ssw0rd" or "drowssap"

Your system dictionaries from /usr/share/dict will be indexed. If no dictionaries were found, crunchy only relies on the regular sanity checks (ErrEmpty, ErrTooShort and ErrTooSystematic). On Ubuntu it is recommended to install the wordlists distributed with cracklib-runtime, on macOS you can install cracklib-words from brew. You could also install various other language dictionaries or wordlists, e.g. from skullsecurity.org.

crunchy uses the WagnerFischer algorithm to find mangled passwords in your dictionaries.

You can learn more about Crunchy at GitHub

GoLand 2018.3 to be Released by JetBrains

New version of IDE for Go programming language has a lot of new features
22 November 2018   373

Team JetBrains introduced a new version of IDE GoLand 2018.3. In this update, users will see:

  • refactoring by changing the signature;
  • memory dump;
  • Testify support;
  • new debugger tools;
  • Improved verification, prediction and code completion;
  • chart support;
  • updates for VCS, Docker, Kubernetes.

The new method of processing the code Change Signature will allow a single action to change the signature of functions and methods throughout the workspace. The function will show what will change in the code after application. The Inline tool will highlight the embedded code, and Rename will notify you of possible conflicts when renaming.

Added the ability to run and debug Google App Engine applications locally.

Go memory dumps are now available via Run / Open Core Dump directly in the IDE. To automatically create memory dumps, you need to enter GOTRACEBACK = crash in the Environment field.

Also, GoLand 2018.3 supports the Mozilla debugger rr, which allows you to search for a crash in the program by playing back its execution.

Get more info at official blog.

The previous version of GoLand 2018.2 was released in July 2018.