I have created a package for dictionary password validation for Go.
This can be used to protect your bcrypt/scrypt/PBKDF encrypted passwords against dictionary attacks. This is much more of a threat than brute force attacks, and is of course done by checking them against a dictionary (no magic).
Motivated by Password Requirements Done Better - also called why password requirements help hackers, this package will remove all your excuses for not having good passwords.
- Package home: https://github.com/klauspost/password
- Godoc: https://godoc.org/github.com/klauspost/password
You are able to use your own database and password dictionary. Currently the package supports importing common dictionary formats, and has built-in "drivers" for MongoDB, BoltDB, MySQL and PostgreSQL.
I have just finished up the documentation and tests, but I am very open to suggestions, and if your favorite database is missing feel free to request it.
