#password #entropy #strength

bin+lib chbs_password_checker

Password Strength Checker

1 unstable release

0.1.0 May 17, 2021

#632 in Authentication


505 downloads per month

MIT license

17KB
298 lines

CHBS Password Strength Checker

A simple password strength checker using raw entropy values written in Rust.

Inspired by: https://github.com/wagslane/go-password-passwordvalidator and this XKCD

Benefits

  • While uppercase, numbers, special characters, etc. all count towards the final score, none are required
  • Does not contact any external APIs
  • Includes command line tool in addition to a library so it can be used in bash scripts

⚙️ Installation

cargo install chbs

Use in code:

use chbslib::get_entropy;

fn main() {
    // Score a weak, single-word password.
    let test_1: String = String::from("boring");
    let score: i16 = get_entropy(&test_1);
    println!("Score: {}", score);
}

>>> 1

What is a good minimum value?

That's a judgement call. I would suggest something in the range of 5 to 7 or so.

Caveats

Attackers commonly use passwords they have scraped from leaked data. Entropy checks will NOT protect your users from using leaked passwords.

How It Works

The password is stripped of repeating characters, palindrome portions, and common password sequences like qwerty or asdfghjkl, as well as the set of the 10 most commonly used passwords (according to Wikipedia). The remaining length accounts for the initial score. Additional points are awarded for mixing case, adding numbers, and adding special characters.

After that we do some maths which calculates the approximate total guesses and reduces this to an integer score.
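The steps above, sketched as an added example (this is not the chbs crate's code). The sample sequence list, the per-class pool sizes, the whole-string palindrome rule and the log10 reduction are all assumptions, so the numbers it prints are not on the same scale as `get_entropy`.

```rust
// Added illustration; not the chbs crate's code. Lists and weights are assumptions.
const COMMON: [&str; 5] = ["password", "asdfghjkl", "qwerty", "123456", "111111"]; // constructed sample list

/// Hypothetical helper: strip common sequences, then collapse repeated characters.
fn effective_chars(password: &str) -> Vec<char> {
    let mut s = password.to_lowercase();
    for seq in COMMON {
        s = s.replace(seq, "");
    }
    let mut out: Vec<char> = s.chars().collect();
    out.dedup(); // "aaaa" -> "a"
    // Simplified palindrome handling: a fully mirrored remainder counts once.
    let n = out.len();
    if n > 1 && out.iter().eq(out.iter().rev()) {
        out.truncate((n + 1) / 2);
    }
    out
}

/// Hypothetical helper: alphabet size implied by the character classes in use.
fn pool_size(password: &str) -> f64 {
    let mut pool = 0.0;
    if password.chars().any(|c| c.is_lowercase()) { pool += 26.0; }
    if password.chars().any(|c| c.is_uppercase()) { pool += 26.0; }
    if password.chars().any(|c| c.is_ascii_digit()) { pool += 10.0; }
    if password.chars().any(|c| !c.is_alphanumeric()) { pool += 32.0; }
    pool
}

/// Score = floor(log10(pool^len)), i.e. decimal digits in the approximate guess count.
fn sketch_score(password: &str) -> i16 {
    let len = effective_chars(password).len() as f64;
    let pool = pool_size(password);
    if len == 0.0 || pool == 0.0 {
        return 0;
    }
    (len * pool.log10()).floor() as i16
}

fn main() {
    for pw in ["boring", "qwerty123456", "aaaaaaaaaaaa", "Tr0ub4dor&3", "correct horse battery staple"] {
        println!("{:>30} -> {}", pw, sketch_score(pw));
    }
}
```

Long but repetitive or keyboard-walk inputs collapse to almost nothing before any class bonus applies, which is why the multi-word passphrase outscores the shorter mixed-class password.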

Dependencies

~2MB
~29K SLoC