## password-strength
A password strength calculator based on [Dropbox's](https://github.com/dropbox) password strength estimator [zxcvbn](https://github.com/dropbox/zxcvbn).

Also checks with haveibeenpwned API if a given password has been compromised.

#### Build

```
make
make install
```

#### Usage
```
  -password string
    	a password
  -word string
    	used word
  -pwned
    	check with haveibeenpwned API if password has been seen before
```

#### Examples
```
password-strength -password "Tr0ub4dor&3," -word troubador -pwned

Password:		Tr0ub4dor&3,
Password strength:	1/4
Guesses Log10:		5.041393

Guess times
100 / h:		1 months 	(throttled online attack)
10  / s:		3 hours  	(unthrottled online attack)
10k / s:		11 seconds	(offline attack, slow hash, many cores)
10b / s:		< 1 second	(offline attack, fast hash, many cores)
```

```
passphrase-entropy -password "correcthorsebatterystaple" -pwned -word correct -word horse -word battery -word staple -pwned

Password:		correcthorsebatterystaple
Password strength:	4/4
Guesses Log10:		12.008345

Guess times
100 / h:		Centuries	(throttled online attack)
10  / s:		Centuries	(unthrottled online attack)
10k / s:		3 years  	(offline attack, slow hash, many cores)
10b / s:		2 minutes	(offline attack, fast hash, many cores)

This password has been compromised and should not be used.
```

#### Acknowledgements

password-strength is based on [trustelem's](https://github.com/trustelem/zxcvbn) go implementation of [Dropbox's](https://github.com/dropbox) password strength estimator [zxcvbn](https://github.com/dropbox/zxcvbn).
 
Also checks with haveibeenpwned API if a given password has been compromised with [a forked version](https://github.com/chaosbunker/haveibeenpwned) of [sinduvi87's haveibeenpwned](https://github.com/sinduvi87/haveibeenpwned).