dmp 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c33588e32e9693257674adf835c326a0b83a014c12d75066565cabea7ed2433
-  data.tar.gz: 8397f78e47f38861dac4ff9ec777aec17066f5bc7c063bedaf23647556ea7a1e
+  metadata.gz: 9c9dd7398d91356cc90ab8d3d0add83edc0d50d45663a811d6121d0c16cde8b8
+  data.tar.gz: b60f942b8c163e50ab11e713fc4740fb29ae3c19e4fc9ed75398223b22a75525
 SHA512:
-  metadata.gz: d5121963b6b32b5fdb74a19a258bd238699c4aa6d15b08b31e345ad6de8c2cbdbdd6e1ed389bc97791c14626ae9f1c0669203dd8657f7357c626f92cd1999b54
-  data.tar.gz: edbb9e39035a8b6189949e52c037118c7ad2a695e504e93d48e7ccb81ac86042821976230420b9056e712a2f45ad25e574ac60ac35458c8f7fc1df1bb33f75e6
+  metadata.gz: cf84ddb9185de60859708642a2773cf7a38a87f2dd80e0c6540f209ac194e2556fcc601c74d251e4e9db1ccb36a7c2eb1a577d4167211fda3c648d87b68ed16c
+  data.tar.gz: 83f6b8e648e564ca1b7c80979a6c9167228f0c18f940474f416941f94970a632973b326a7bd426f31bee12823721b5c7456991aeacba47f9f00dbcebcbb6ea93

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    dmp (0.2.2)
+    dmp (0.2.3)
       clipboard (~> 1.1)
       colorize (~> 0.8)
       thor (~> 0)

data/README.md

@@ -3,19 +3,9 @@
 
 **DMP** (or _Dice My Pass_) is a simple passphrase generator that gives you a passphrase of the desired length using [EFF's long wordlist](http://eff.org/dice). **This little tool was only created for a blog post on how to create a Ruby gem at codingdose.info (WIP) and should be NOT used for production**, can't say much if you like it though.
 
-```bash
-$ dmp about
- ____    __  __   ____  
-|  _ \  |  \/  | |  _ \ 
-| | | | | |\/| | | |_) |
-| |_| | | |  | | |  __/ 
-|____/  |_|  |_| |_|
-               
-version: 0.2.2
-author: @__franccesco
-homepage: https://github.com/franccesco/dmp
-learn more: https://codingdose.info
-```
+<p align="center">
+  <img src="images/dmp.gif" />
+</p>
 
 ## Installation
 
@@ -57,16 +47,31 @@ $ dmp
 - Copied to clipboard.
 ```
 
-**Generate a passphrase of your desired length**
+**Generate a passphrase of your desired length and check if the password appears in HIBP datasets**
 ```
-$ dmp gen 5
+$ dmp gen 5 -H
 - Passphrase: tavern silly afar luncheon cement
+- Password is safe to use.
+```
+
+**Warns you if your password has been discovered in a HIBP dataset.**
+```
+- Passphrase: angular
+- WARNING: Passphrase vulnerable 91 times!
+```
+**Check a password of yours**
+```
+$ dmp check
+Enter your password, press ENTER when you're done.
+Password (hidden): ****
+- Your password appears in 213580 data sets!
 ```
 
 **Help**
 ```
 Commands:
   dmp about           # Displays version number and information
+  dmp check           # Check if a password/passphrase is vulnerable.
   dmp gen [length]    # Generate a passphrase of the desired length.
   dmp help [COMMAND]  # Describe available commands or one specific command
 ```

data/lib/dmp.rb

@@ -2,37 +2,44 @@ require 'dmp/version'
 require 'net/http'
 require 'digest/sha1'
 
-# Module to manage DMP operations
 module Dmp
+  # Module to manage DMP operations.
+  # gen_passphrase generates a new passphrase of a desired length.
+  # check_pwned checks the password string against the HIBP datasets.
   # default wordlist provided by EFF https://www.eff.org/dice
   @eff_wordlist = File.dirname(__FILE__) + '/dmp/assets/eff_long_wordlist.txt'
 
   def self.gen_passphrase(pass_length = 7)
-    # load eff_wordlist as a list and strip new lines
-    pass_list = File.readlines(@eff_wordlist)
-    pass_list.map(&:strip!)
-
-    # randomize wordlist and strip it to the desired length
-    random_pass = pass_list.shuffle[0...pass_length]
-    random_pass
+    wordlist = File.readlines(@eff_wordlist)
+    wordlist.map(&:strip!)
+    wordlist.shuffle[0...pass_length]
   end
 
   def self.check_pwned(passphrase)
-    if passphrase.kind_of?(Array)
-      passphrase = passphrase.join(' ')
-    end
+    # This module follows the k-Anonymity principle described in
+    # https://haveibeenpwned.com/API/v2#PwnedPasswords
+    # that allows you to search for the first 5 characters of the hash and
+    # returns a list of hashes for you to search the rest of the hash locally,
+    # followed by the number of times the hash appears in a data set
+    # e.g: 0018A45C4D1DEF81644B54AB7F969B88D65:21
+    passphrase = passphrase.join(' ') if passphrase.is_a?(Array)
 
-    hex_pass = Digest::SHA1.hexdigest(passphrase)
-    hex_pass_sample = hex_pass[0...5]
-    hex_pass_rest = hex_pass[5..-1]
+    sha1_pass = Digest::SHA1.hexdigest(passphrase)
+    sha1_excerpt = sha1_pass[0...5]
+    sha1_to_look_for = sha1_pass[5..-1]
 
-    # request a sample to HIBP to avoid disclosing the full pwd
-    uri = URI("https://api.pwnedpasswords.com/range/#{hex_pass_sample}")
-    req = Net::HTTP.get(uri)
+    api_url = URI("https://api.pwnedpasswords.com/range/#{sha1_excerpt}")
+    api_request = Net::HTTP.get(api_url)
 
-    clean_list = req.split("\r\n")
-    pass_list = clean_list.map { |hash| hash.split(':') }
-    pass_hash = Hash[*pass_list.flatten!]
-    pass_hash[hex_pass_rest.upcase]
+    # Response is text instead of JSON, needs to format the response
+    # to a dictionary so the rest of the hash can be located easier.
+    # => String '0018A45C4D1DEF81644B54AB7F969B88D65:21'
+    # => Array ['0018A45C4D1DEF81644B54AB7F969B88D65:21', ...]
+    # => 2D Array [['0018A45C4D1DEF81644B54AB7F969B88D65', '21'], ...]
+    # => Hash {'0018A45C4D1DEF81644B54AB7F969B88D65': 21, ...}
+    striped_list = api_request.split("\r\n")
+    pass_list = striped_list.map { |hash| hash.split(':') }
+    hash_list = Hash[*pass_list.flatten!]
+    hash_list[sha1_to_look_for.upcase]
   end
 end

data/lib/dmp/cli.rb

@@ -7,6 +7,16 @@ module Dmp
   # Command line interface for DMP
   class CLI < Thor
     default_task :gen_pass
+
+    # Define option 'gen' that accepts a flag to copy to clipboard ('-c')
+    # and another one to check the generated password agains HIBP ('-H')
+    # This argument is the default task and it generates a 7 passphrase lenght.
+    # Usage:
+    # $ dmp gen [optional_length] [optional flags]
+    # Example:
+    # $ dmp gen 8 -c -H
+    # Or:
+    # $ dmp 8
     desc 'gen [length]', 'Generate a passphrase of the desired length.'
     method_option :clipboard,
                   aliases: '-c',
@@ -17,59 +27,47 @@ module Dmp
                   type: :boolean,
                   desc: 'Check if passphrase is vulnerable in HIBP database.'
     def gen_pass(pass_length = 7)
-      # Generate colored passphrase
-      passphrase = Dmp.gen_passphrase(pass_length.to_i)
-
-      # if flag clipboard is 'true' then copy passphrase to clipboard
-      if options[:clipboard]
-        Clipboard.copy(passphrase.join(' '))
-      end
+      new_passphrase = Dmp.gen_passphrase(pass_length.to_i)
+      Clipboard.copy(new_passphrase.join(' ')) if options[:clipboard]
+      dataset_count = Dmp.check_pwned(new_passphrase) if options[:hibp]
 
-      # if flag hibp is 'true' then alert the user
-      if options[:hibp]
-        vuln_count = Dmp.check_pwned(passphrase)
+      colors = String.colors
+      colors.delete(:black) # black color looks ugly in the terminal
+      new_passphrase.map! do |phrase|
+        random_color = colors.sample
+        phrase.colorize(random_color)
       end
 
-      # colors array will be used to pick a randomized sample
-      # removing black cause it looks ugly in terminals
-      colors = String.colors
-      colors.delete(:black)
+      copy_msg = '- Copied to clipboard.'.bold.green
+      vuln_pass_msg = "- WARNING: Passphrase appears in #{dataset_count} datasets!".red.bold
+      safe_pass_msg = '- Password was not found in a dataset.'.green.bold
 
-      passphrase.map! do |phrase|
-        rand_color = colors.sample
-        phrase.colorize(rand_color)
-      end
-      puts '- Passphrase: '.bold + passphrase.join(' ')
-      puts '- Copied to clipboard.'.bold.green if options[:clipboard]
-      if vuln_count
-        puts "- WARNING: Passphrase appears in #{vuln_count} datasets!".red.bold
-      elsif options[:hibp]
-        puts '- Password was not found in a dataset.'.green.bold
-      end
+      puts '- Passphrase: '.bold + new_passphrase.join(' ')
+      puts copy_msg if options[:clipboard]
+      puts dataset_count ? vuln_pass_msg : safe_pass_msg if options[:hibp]
     end
 
+    # Check if passphrase or password is vulnerable interatively
+    # This feature disables echo to avoid making the password visible.
+    # This feature should not ask for the password in the terminal command line
+    # (e.g: dmp check password) as it would be visible in the terminal history.
+    # Usage:
+    # $ dmp check
     desc 'check', 'Check if a password/passphrase is vulnerable.'
     def check_pass
-      puts 'Enter your password, press ENTER when you\'re done.'
+      puts "Enter your password, press ENTER when you're done."
       password = ask('Password (hidden):'.yellow, echo: false)
+      (puts "Aborted.".red.bold; exit) if password.empty?
 
-      # if no password set, just exit
-      if password.empty?
-        puts "Aborted.".red.bold
-        exit
-      end
-
-      vuln_count = Dmp.check_pwned(password)
-      if vuln_count
-        puts " Your password appears in #{vuln_count} datasets!".red.bold
-      else
-        puts " Your password was not found in a dataset.".green.bold
-      end
+      dataset_count = Dmp.check_pwned(password)
+      vuln_msg = "Your password appears in #{dataset_count} datasets!".red.bold
+      safe_msg = "Your password was not found in a dataset.".green.bold
+      puts dataset_count ? vuln_msg : safe_msg
     end
 
+    # Displays banner, version number and author
     desc 'about', 'Displays version number and information'
     def about
-      # Displays banner, version number and author
       puts Dmp::BANNER.bold.red
       puts 'version: '.bold + Dmp::VERSION.green
       puts 'author: '.bold + '@__franccesco'.green

data/lib/dmp/version.rb

@@ -1,5 +1,5 @@
 module Dmp
-  VERSION = "0.2.2"
+  VERSION = "0.2.3"
   BANNER = '''
  ____    __  __   ____  
 |  _ \  |  \/  | |  _ \ 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dmp
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Franccesco Orozco
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-09-19 00:00:00.000000000 Z
+date: 2018-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -200,6 +200,7 @@ files:
 - bin/setup
 - dmp.gemspec
 - exe/dmp
+- images/dmp.gif
 - lib/dmp.rb
 - lib/dmp/assets/eff_long_wordlist.txt
 - lib/dmp/cli.rb