[Fun] Help me improve my password strength algorithm
Moderator: General Moderators
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Now? http://www.w3style.co.uk/~d11wtq/password_checker.html

EDIT | If I decide to introduce AJAX I'll give those a shot but I really just wanted something "simple" to provide as a guide on the client side
Thanks.
No but I will. I was just kinda improvisingpickle wrote:Have you looked at the 'Crack' libraries?
EDIT | If I decide to introduce AJAX I'll give those a shot but I really just wanted something "simple" to provide as a guide on the client side
Well, it's possible to take existing brute force tool (like JTR) and try to develop the definition in terms of the time it would take the tool (with default broad settings) to find the password.Roja wrote:To be fair, its a very hard challenge.Weirdan wrote:d11, perhaps you should define (in plain english) what constitutes strong password.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
~Weirdan, do you mean use JTR as a means of scoring?
Added a helper tool so it's more clear what's going on:
http://www.w3style.co.uk/~d11wtq/password_checker.html
Not gonna spend much more than another day on this I doubt since it was never supposed to be all that magical
Added a helper tool so it's more clear what's going on:
http://www.w3style.co.uk/~d11wtq/password_checker.html
Not gonna spend much more than another day on this I doubt since it was never supposed to be all that magical
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
My definition.
1. A strong password should be at least 8 characters long
2. Should contain a mixture of uppercase and lowercase
3. Should contain at least on special character
4. Should contain at least two numbers
5. Should not contain duplicate characters
A *decent* password should satisfy at least 1, 2 and 4
Obviously that's a hard list to satisfy so you can increase strength by using say, 4 special characters with a number and a letter in there. Hopefully the little helper check-list makes it more obvious. It's easy to put down in english why a password is strong or weak but converting that list of reasons into some number that you can gauge against is tricky to get right
1. A strong password should be at least 8 characters long
2. Should contain a mixture of uppercase and lowercase
3. Should contain at least on special character
4. Should contain at least two numbers
5. Should not contain duplicate characters
A *decent* password should satisfy at least 1, 2 and 4
Obviously that's a hard list to satisfy so you can increase strength by using say, 4 special characters with a number and a letter in there. Hopefully the little helper check-list makes it more obvious. It's easy to put down in english why a password is strong or weak but converting that list of reasons into some number that you can gauge against is tricky to get right