4 releases (2 stable)
Uses old Rust 2015
1.0.1 | Feb 2, 2019 |
---|---|
1.0.0 | Jul 2, 2017 |
0.1.1 | Apr 3, 2017 |
0.1.0 | Apr 3, 2017 |
#28 in #passphrase
4MB
102 lines
passablewords
DEPRECATED
I'm not planning on maintaining this any longer. Please just use zxcvbn instead.
passablewords
is a password validation library which checks a password against a million of
the most common as well as it's ability to be cracked.
If you're asking why use passablewords
over zxcvbn
, it's because passablewords
checks
a password against 1,000,000 of the most common passwords. zxcvbn
only checks 30,000.
zxcvbn
is a great tool, however, and passablewords
uses it to check the entropy of a given
password to make sure it's random enough on top of being unique enough. If you are ok with the
top 30,000 most common passwords, then you should probably use zxcvbn
. If you want a little
extra, consider passablewords
.
While you're free to use any of the public methods, using the check_password
function is
recommended since that checks for length, uniqueness, and entropy all within a single call.
It's also important to note that this is provided as-is and doesn't prevent an attacker from gaining access to, decrypting, or guessing your user's passwords. It just makes it a little harder.
Installing passablewords
passablewords
can be added to your project via the dependencies
section of your cargo.toml
file.
[dependencies]
passablewords = "1"
Using passablewords
For more information on how to use this library, please refer to the docs.
Generally, however, you would use it similar to this example.
extern crate passablewords;
use passablewords::{check_password, PassablewordResult};
fn main() {
match check_password(password) {
Ok() => println!("That password is probably pretty good!")
Err(err) => match(err) {
PassablewordResult::TooShort => println!("Your password should be longer than 8 characters"),
PassablewordResult::TooCommon => println!("Your should be more unique"),
PassablewordResult::TooSimple => println!("Your should be more random"),
PassablewordResult::NonAsciiPassword => println!("Your password should only contain ASCII characters"),
PassablewordResult::InternalError => println!
}
}
}
How fast is it?
Here are the benchmarks running on a 2017 MacBook Pro with 2.3GHz i5. It's pretty darn fast!
test bench_check_common_password ... bench: 26 ns/iter (+/- 5)
test bench_check_ok_password ... bench: 1,497,032 ns/iter (+/- 435,657)
test bench_check_short_password ... bench: 1 ns/iter (+/- 0)
test bench_check_simple_password ... bench: 166,063 ns/iter (+/- 70,071)
Developing
Thanks to the Rust community, getting this project up and running to begin contributing to is pretty easy!
First you'll need to have rust installed (probably stable, but nightly would be fine too. In fact, you need nightly to run the benchmarks). I recommend rustup, but you're free to install rust however you like.
Since Rust comes with cargo installed, you should download the cargo dependencies next.
cargo update
It would be a good idea at this point to make sure all the tests pass so let's run the tests.
cargo test
Finally, make any changes you want and submit a pr. Thanks in advance!
Code of Conduct
License
The code for this library is licensed under the MIT license.
The list of passwords is licensed under the Creative Commons Attribution ShareAlike 3.0 license.
Thanks to the SecLists project for the list.
Changelog
Dependencies
~8MB
~152K SLoC