password strength validation not working correctly

KonstantinGasser / sherlock

easy to use and simple cli password manager

Apache License 2.0

3 stars 2 forks source link

password strength validation not working correctly #7

Closed KonstantinGasser closed 3 years ago

KonstantinGasser commented 3 years ago

somehow long random password with a big entropy will be evaluated as security.Low. The func PasswordStrength should be re-written following some standards.

time to brute-force
entropy of characters
length

currently some actual secure passwords can only be inserted by using the --insecure flag...

KonstantinGasser commented 3 years ago

used library (https://github.com/wagslane/go-password-validator) as they are doing some good checks regarding entropy of chars and further checks while also returning great error messages if the password is to insecure.