|
@@ -1,4 +1,7 @@
|
|
|
-### Passphrase Entropy Calculator
|
|
|
|
|
|
|
+## password-strength
|
|
|
|
|
+A password strength calculator based on [Dropbox's](https://github.com/dropbox) password strength estimator [zxcvbn](https://github.com/dropbox/zxcvbn).
|
|
|
|
|
+
|
|
|
|
|
+Also checks with haveibeenpwned API if a given password has been compromised.
|
|
|
|
|
|
|
|
#### Build
|
|
#### Build
|
|
|
|
|
|
|
@@ -9,14 +12,45 @@ make install
|
|
|
|
|
|
|
|
#### Usage
|
|
#### Usage
|
|
|
```
|
|
```
|
|
|
-passphrase-entropy a passphrase
|
|
|
|
|
|
|
+ -password string
|
|
|
|
|
+ a password
|
|
|
|
|
+ -word string
|
|
|
|
|
+ used word
|
|
|
|
|
+ -pwned
|
|
|
|
|
+ check with haveibeenpwned API if password has been seen before
|
|
|
|
|
+```
|
|
|
|
|
+
|
|
|
|
|
+#### Examples
|
|
|
|
|
+```
|
|
|
|
|
+password-strength -password "Tr0ub4dor&3," -word troubador
|
|
|
|
|
+
|
|
|
|
|
+Password: Tr0ub4dor&3,
|
|
|
|
|
+Password strength: 1/4
|
|
|
|
|
+Guesses Log10: 5.041393
|
|
|
|
|
+
|
|
|
|
|
+Guess times
|
|
|
|
|
+100 / h: 1 months (throttled online attack)
|
|
|
|
|
+10 / s: 3 hours (unthrottled online attack)
|
|
|
|
|
+10k / s: 11 seconds (offline attack, slow hash, many cores)
|
|
|
|
|
+10b / s: < 1 second (offline attack, slow hash, many cores)
|
|
|
```
|
|
```
|
|
|
|
|
|
|
|
-#### Output
|
|
|
|
|
```
|
|
```
|
|
|
-Evaluated string: a passphrase
|
|
|
|
|
|
|
+passphrase-entropy -password "correcthorsebatterystaple" -word "correct" -word "horse" -word "battery" -word "staple"
|
|
|
|
|
|
|
|
-Used character sets: Lowercase, Common Special Characters
|
|
|
|
|
|
|
+Password: correcthorsebatterystaple
|
|
|
|
|
+Password strength: 4/4
|
|
|
|
|
+Guesses Log10: 12.008345
|
|
|
|
|
|
|
|
-Passphrase entropy: 71.4503557246425
|
|
|
|
|
|
|
+Guess times
|
|
|
|
|
+100 / h: Centuries (throttled online attack)
|
|
|
|
|
+10 / s: Centuries (unthrottled online attack)
|
|
|
|
|
+10k / s: 3 years (offline attack, slow hash, many cores)
|
|
|
|
|
+10b / s: 2 minutes (offline attack, slow hash, many cores)
|
|
|
```
|
|
```
|
|
|
|
|
+
|
|
|
|
|
+#### Acknowledgements
|
|
|
|
|
+
|
|
|
|
|
+password-strength is based on [trustelem's](https://github.com/trustelem/zxcvbn) go implementation of [Dropbox's](https://github.com/dropbox) password strength estimator [zxcvbn](https://github.com/dropbox/zxcvbn).
|
|
|
|
|
+
|
|
|
|
|
+Also checks with haveibeenpwned API if a given password has been compromised with [a forked version](https://github.com/chaosbunker/haveibeenpwned) of [sinduvi87's haveibeenpwned](https://github.com/sinduvi87/haveibeenpwned).
|
Dennis Rodewyk