
Posted: Thu Jul 13, 2006 4:20 pm
by RobertGonzalez
So now I can't make a 'Very Strong' password (although '1Sa' shows as being good). I still like what you did.

Posted: Thu Jul 13, 2006 5:16 pm
by pickle
Have you looked at the 'Crack' libraries?

http://ca3.php.net/manual/en/ref.crack.php

Posted: Thu Jul 13, 2006 5:39 pm
by Chris Corbyn
Now? http://www.w3style.co.uk/~d11wtq/password_checker.html
pickle wrote: Have you looked at the 'Crack' libraries?
No but I will. I was just kinda improvising :)

EDIT | If I decide to introduce AJAX I'll give those a shot but I really just wanted something "simple" to provide as a guide on the client side :) Thanks.

Posted: Thu Jul 13, 2006 5:58 pm
by Weirdan
Roja wrote:
Weirdan wrote: d11, perhaps you should define (in plain English) what constitutes strong password.
To be fair, it's a very hard challenge.
Well, it's possible to take an existing brute-force tool (like JTR) and try to develop the definition in terms of the time it would take the tool (with default broad settings) to find the password.

Posted: Thu Jul 13, 2006 6:28 pm
by Chris Corbyn
~Weirdan, do you mean use JTR as a means of scoring?

Added a helper tool so it's more clear what's going on:

http://www.w3style.co.uk/~d11wtq/password_checker.html

Not gonna spend much more than another day on this I doubt since it was never supposed to be all that magical :P

Posted: Thu Jul 13, 2006 7:05 pm
by Weirdan
~Weirdan, do you mean use JTR as a means of scoring?
Not really... It would be too resource intensive :)
I meant you could use it as 'counter-example' while trying to define the term 'strong password'.

Posted: Fri Jul 14, 2006 12:46 am
by daedalus__
All of my passwords test as very strong. I think it's a good bit of code.

I use rows of keys. They are easy to remember but hard to crack and I don't see anyone guessing them anytime soon.

Posted: Fri Jul 14, 2006 4:18 am
by Chris Corbyn
My definition.

1. A strong password should be at least 8 characters long
2. Should contain a mixture of uppercase and lowercase
3. Should contain at least one special character
4. Should contain at least two numbers
5. Should not contain duplicate characters

A *decent* password should satisfy at least 1, 2 and 4

Obviously that's a hard list to satisfy so you can increase strength by using say, 4 special characters with a number and a letter in there. Hopefully the little helper check-list makes it more obvious. It's easy to put down in English why a password is strong or weak but converting that list of reasons into some number that you can gauge against is tricky to get right :(
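
The five-rule checklist from the post above, written out as a client-side check. This is an added example, not the code behind the linked password_checker.html; the function names, the "weak" label, and treating any character that is neither a letter nor a digit as "special" are assumptions.

```javascript
// Added example: per-rule results for the checklist, plus an overall rating.
// Character classes (assumption: "special" = neither letter nor digit).
function isDigit(c) { return c >= "0" && c <= "9"; }
function isUpper(c) { return c.toLowerCase() !== c; }
function isLower(c) { return c.toUpperCase() !== c; }
function isSpecial(c) { return !isDigit(c) && !isUpper(c) && !isLower(c); }

// One entry per numbered rule in the post; each test receives an array of characters.
const RULES = [
  { id: 1, text: "at least 8 characters long",
    test: (chars) => chars.length >= 8 },
  { id: 2, text: "mixture of uppercase and lowercase",
    test: (chars) => chars.some(isUpper) && chars.some(isLower) },
  { id: 3, text: "at least one special character",
    test: (chars) => chars.some(isSpecial) },
  { id: 4, text: "at least two numbers",
    test: (chars) => chars.filter(isDigit).length >= 2 },
  { id: 5, text: "no duplicate characters",
    test: (chars) => new Set(chars).size === chars.length },
];

// Returns which rules passed and failed, so a helper check-list can be rendered,
// and a rating: "strong" = all five rules, "decent" = at least rules 1, 2 and 4.
function checkPassword(password) {
  const chars = Array.from(password); // iterate by code point, not UTF-16 unit
  const passed = [];
  const failed = [];
  for (const rule of RULES) {
    (rule.test(chars) ? passed : failed).push(rule.id);
  }
  let rating = "weak"; // label is an assumption; the post only names strong and decent
  if (failed.length === 0) {
    rating = "strong";
  } else if ([1, 2, 4].every((id) => passed.includes(id))) {
    rating = "decent";
  }
  return { passed, failed, rating };
}

// Constructed sample inputs, not taken from the thread's checker.
for (const pw of ["password", "Passw0rd1", "Kw7#pLx2"]) {
  const r = checkPassword(pw);
  console.log(pw, "->", r.rating, "| failed rules:", r.failed.join(", ") || "none");
}
```
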