StellarSand / IYPS

A password strength app that evaluates and rates your password's robustness, estimates crack time, and provides helpful warnings and suggestions for stronger passwords.
GNU General Public License v3.0

Easy password reported as excellent #11

Closed nicoursi closed 10 months ago

nicoursi commented 1 year ago

Password: Aaaeeeiiiooouuuyyy

Probably this one would take minutes to crack but according to the software it will take centuries.

How to intercept these kinds of easy patterns?

StellarSand commented 1 year ago
  1. Currently the app takes into account 10k guesses per second for the estimated time to crack the passwords. I have implemented other methods too but they'll be reflected in the next release. So if you take into account 10 billion guesses per second, it gives estimated time to crack as "3 days", which is far better than "centuries". But yes I agree with you that even 3 days might be a bit too long for this kind of password.

  2. This app uses zxcvbn4j to do the password cracking. So I would recommend you to open an issue here to notify them about this.

StellarSand commented 1 year ago

Hello. A new version has been released with many improvements and additional details.

As for your password "Aaaeeeiiiooouuuyyy" (and most other passwords), the results match with the original library zxcvbn. You can try it interactively here. So I'm not sure if zxcvbn4j will change anything at their end.

I'm also planning on implementing nbvcxz and including some additional features from them or maybe replacing zxcvbn4j completely with it, if I'm satisfied with the results and other details as both libraries come with their own set of issues.
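
An added example, not part of the thread and not code from IYPS, zxcvbn4j or nbvcxz: it compares a plain brute-force estimate with a simplified run-aware estimate for the reported password, at the two guess rates quoted in the maintainer's first reply. The scoring model (each run of a repeated character costs alphabet size × run length) and all function names are assumptions made for illustration.

```python
import string
from itertools import groupby

# Guess rates quoted in the thread (guesses per second).
SLOW_RATE = 10_000
FAST_RATE = 10_000_000_000

def charset_size(pw):
    """Combined size of the ASCII character classes used in pw (non-ASCII is ignored)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def runs(pw):
    """Collapse pw into (character, length) runs, ignoring case."""
    return [(ch, len(list(grp))) for ch, grp in groupby(pw.lower())]

def brute_force_guesses(pw):
    """Naive estimate: every position is an independent choice from the alphabet."""
    return charset_size(pw) ** len(pw)

def run_aware_guesses(pw):
    """Assumed model: a run costs (alphabet size * run length), not alphabet ** length."""
    size = charset_size(pw)
    total = 1
    for _, length in runs(pw):
        total *= size * length
    return total

def crack_seconds(guesses, rate):
    return guesses / rate

def humanize(seconds):
    units = (("centuries", 3_153_600_000), ("years", 31_536_000),
             ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    pw = "Aaaeeeiiiooouuuyyy"  # password from the issue report
    print("runs:", runs(pw))
    for label, fn in (("brute force", brute_force_guesses),
                      ("run-aware", run_aware_guesses)):
        guesses = fn(pw)
        for rate in (SLOW_RATE, FAST_RATE):
            print(f"{label:12} @ {rate:>14,}/s -> "
                  f"{humanize(crack_seconds(guesses, rate))}")
```

For a password with no repeated characters the two estimates are equal, so the run-aware figure only lowers the score when a repetition pattern is present.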