[Fun] Help me improve my password strength algorithm

RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

So now I can't make a 'Very Strong' password (although '1Sa' shows as being good). I still like what you did.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

Have you looked at the 'Crack' libraries?

http://ca3.php.net/manual/en/ref.crack.php
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Now? http://www.w3style.co.uk/~d11wtq/password_checker.html
pickle wrote: Have you looked at the 'Crack' libraries?
No but I will. I was just kinda improvising :)

EDIT | If I decide to introduce AJAX I'll give those a shot but I really just wanted something "simple" to provide as a guide on the client side :) Thanks.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Roja wrote:
Weirdan wrote: d11, perhaps you should define (in plain English) what constitutes a strong password.
To be fair, it's a very hard challenge.
Well, it's possible to take an existing brute force tool (like JTR) and try to develop the definition in terms of the time it would take the tool (with default broad settings) to find the password.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

~Weirdan, do you mean use JTR as a means of scoring?

Added a helper tool so it's more clear what's going on:

http://www.w3style.co.uk/~d11wtq/password_checker.html

Not gonna spend much more than another day on this I doubt since it was never supposed to be all that magical :P
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

~Weirdan, do you mean use JTR as a means of scoring?
Not really... It would be too resource intensive :)
I meant you could use it as 'counter-example' while trying to define the term 'strong password'.
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Post by daedalus__ »

All of my passwords test as very strong. I think it's a good bit of code.

I use rows of keys. They are easy to remember but hard to crack and I don't see anyone guessing them anytime soon.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

My definition.

1. A strong password should be at least 8 characters long
2. Should contain a mixture of uppercase and lowercase
3. Should contain at least one special character
4. Should contain at least two numbers
5. Should not contain duplicate characters

A *decent* password should satisfy at least 1, 2 and 4

Obviously that's a hard list to satisfy so you can increase strength by using say, 4 special characters with a number and a letter in there. Hopefully the little helper check-list makes it more obvious. It's easy to put down in English why a password is strong or weak but converting that list of reasons into some number that you can gauge against is tricky to get right :(
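
The five-point definition in the last post, written out as a client-side checklist (an added example, not the code behind the linked checker and not posted by anyone in this thread). The names `checkRules` and `ratePassword` are hypothetical, and two readings are assumptions: "special character" is taken as anything other than an ASCII letter or digit, and "duplicate" as any character occurring more than once. It reports which numbered rules fail, so it scores composition only and says nothing about the cracking-time measure Weirdan describes.

```javascript
// Added example: the numbered rules from the post above. Keys 1-5 match the
// post's numbering. Assumptions: "special" = not an ASCII letter or digit;
// "duplicate" = any character that occurs more than once in the password.
function checkRules(password) {
  const chars = Array.from(password); // split by code point, not UTF-16 unit
  const digits = chars.filter((c) => /[0-9]/.test(c)).length;
  return {
    1: chars.length >= 8,                               // at least 8 characters
    2: /[a-z]/.test(password) && /[A-Z]/.test(password), // upper and lower case
    3: /[^A-Za-z0-9]/.test(password),                   // one special character
    4: digits >= 2,                                     // at least two numbers
    5: new Set(chars).size === chars.length,            // no repeated characters
  };
}

// "decent" = rules 1, 2 and 4 hold; "strong" = all five hold; else "weak".
function ratePassword(password) {
  const rules = checkRules(password);
  const failed = Object.keys(rules).filter((n) => !rules[n]).map(Number);
  let rating = "weak";
  if (rules[1] && rules[2] && rules[4]) rating = "decent";
  if (failed.length === 0) rating = "strong";
  return { rating, failed };
}

// Constructed sample inputs; '1Sa' is the one quoted earlier in the thread,
// 'qwertyuiop' is a constructed keyboard-row password.
for (const pw of ["1Sa", "qwertyuiop", "Tr0ub4dor", "Tb0u4d&r!"]) {
  const { rating, failed } = ratePassword(pw);
  console.log(pw, "->", rating, failed.length ? "fails rules " + failed.join(", ") : "");
}
```

Returning the failed rule numbers alongside the rating is what lets a form show the check-list the post mentions instead of a bare score.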