Password Score is designed to give a realistic estimate of the strength of a password. To speak of strength we need an appropriate measure. A common measure for this purpose comes from information theory and is called entropy. We define the entropy of a password as follows: if $N$ is the number of guesses needed to crack a password with certainty, the entropy is the base-2 logarithm of $N$.
A naive way to estimate the number of guesses needed is to assume a brute-force attack. Given a password $p$ we take $N := n^{|p|}$, where $|p|$ is the length of $p$ and $n$ is the number of possible characters. The brute-force approach simply tries all possible combinations of $|p|$ characters. But given human nature, assuming a password to be a random sequence of characters is far too idealistic. Most of us tend to choose passwords made up of common words, names, special numbers - passwords which are easy to remember. So the naive approach greatly overestimates the strength of a password.
Therefore every password cracking tool uses dictionaries and lists of common passwords and names to perform better. Password Score searches a given password for common words, passwords or names - or, more generally, for patterns within the password. Other possible patterns are keyboard patterns like `qwerty` or sequences like `1234`. Instead of random numbers we also tend to use numbers which have a meaning, like dates - birthdays or anniversaries of any kind.
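The gap between the naive estimate and a pattern-aware one can be made concrete with a small sketch. This is an added example, not Password Score's code or API: the function names, the sample word list and keyboard rows, the assumed dictionary size and the guess count charged for a keyboard run are all assumptions chosen for illustration.

```javascript
// Added example. WORDS and KEYBOARD_ROWS are tiny constructed samples;
// ASSUMED_DICT_SIZE is an assumed size for the real word list they stand in for.
const WORDS = ['password', 'dragon', 'monkey', 'summer'];
const KEYBOARD_ROWS = ['qwertyuiop', 'asdfghjkl', 'zxcvbnm', '1234567890'];
const ASSUMED_DICT_SIZE = 100000;

// n: size of the character set a brute-force attacker has to cover.
function alphabetSize(p) {
  return (/[a-z]/.test(p) ? 26 : 0) + (/[A-Z]/.test(p) ? 26 : 0) +
         (/[0-9]/.test(p) ? 10 : 0) + (/[^a-zA-Z0-9]/.test(p) ? 33 : 0);
}

// Naive estimate: log2(n^|p|) = |p| * log2(n).
function bruteForceEntropy(p) {
  return p.length === 0 ? 0 : p.length * Math.log2(alphabetSize(p));
}

// Longest dictionary word or keyboard run (3+ chars) starting at index i.
// Matching is case-insensitive; capitalisation adds no bits (simplification).
function bestMatchAt(lower, i) {
  let best = null;
  const consider = (len, guesses) => {
    if (len >= 3 && (!best || len > best.len)) best = { len, guesses };
  };
  for (const w of WORDS) if (lower.startsWith(w, i)) consider(w.length, ASSUMED_DICT_SIZE);
  for (const row of KEYBOARD_ROWS) {
    const start = row.indexOf(lower[i]);
    if (start < 0) continue;
    let len = 0;
    while (i + len < lower.length && row[start + len] === lower[i + len]) len++;
    // Assumed cost: the attacker enumerates row, start position and run length.
    consider(len, KEYBOARD_ROWS.length * row.length * row.length);
  }
  return best;
}

// Walk the password left to right: matched patterns cost log2(guesses),
// unmatched characters cost log2(n) each. Never exceeds the naive estimate.
function patternEntropy(p) {
  const lower = p.toLowerCase();
  const perChar = Math.log2(alphabetSize(p) || 1);
  let bits = 0;
  for (let i = 0; i < lower.length; ) {
    const m = bestMatchAt(lower, i);
    bits += m ? Math.log2(m.guesses) : perChar;
    i += m ? m.len : 1;
  }
  return Math.min(bits, bruteForceEntropy(p));
}
```

Under these assumptions `password1234` scores about 62 bits by brute force but only about 25 bits once the word and the `1234` run are recognised, while a password with no matching pattern keeps its full brute-force estimate.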
The project can be found on GitHub and includes documentation and a simple demonstration page which can be found here. The project is not a visual strength meter of the kind used in registration forms and modern web applications. The library simply gives an estimate of a password's strength, measured in entropy and based on several data sources like dictionaries, common passwords or keyboards. Thus the library may be used to implement visual strength meters.
An example of a visual strength meter based on Password Score can be found on GitHub and is based on Twitter Bootstrap's progress bars - work still in progress.
The data sources used for dictionaries, password lists etc. can be found on GitHub.