dropbox / python-zxcvbn

A realistic password strength estimator.
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
MIT License

OverflowError: math range error #13

Open shacker opened 9 years ago

shacker commented 9 years ago

I started receiving error 500 emails from my Django project, revealing that someone has been trying to input extremely long passwords. I can easily reproduce this with zxcvbn 1.0:

>>> from zxcvbn import password_strength

>>> password = "this is a test"
>>> password_strength(password)

[normal results]

>>> password = "Heavy flooding over eastern Japan washed away houses and forced residents to their rooftops, desperate for rescue by military helicopters.  The raging brown floodwaters spawned from Typhoon Etau, which has dumped 60 centimeters (2 feet) of rain over some areas since Monday.  Combine that with several weeks of near-daily rainfall, and Ibaraki and Tochigi prefectures are now deluged and unrecognizable."

>>> password_strength(password)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/Users/me/Sites/virtualenvs/foo/lib/python2.7/site-packages/zxcvbn/main.py", line 10, in password_strength
    result = minimum_entropy_match_sequence(password, matches)
  File "/Users/me/Sites/virtualenvs/foo/lib/python2.7/site-packages/zxcvbn/scoring.py", line 109, in minimum_entropy_match_sequence
    crack_time = entropy_to_crack_time(min_entropy)
  File "/Users/me/Sites/virtualenvs/foo/lib/python2.7/site-packages/zxcvbn/scoring.py", line 150, in entropy_to_crack_time
    return (0.5 * math.pow(2, entropy)) * SECONDS_PER_GUESS # average, not total
OverflowError: math range error
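
The failure in the traceback above, reproduced without the library, next to two defensive options. This is an added example, not code from the issue or from python-zxcvbn. The value of `SECONDS_PER_GUESS`, the 128-character cap, and the helpers `safe_entropy_to_crack_time`, `check_length` and `overflows` are assumptions made for illustration.

```python
import math

# Assumed value for illustration; the traceback shows the name, not its value.
SECONDS_PER_GUESS = 0.010 / 100

# Hypothetical cap chosen for this example, not a project setting.
MAX_PASSWORD_LENGTH = 128


def entropy_to_crack_time(entropy):
    """The expression from scoring.py line 150 in the traceback, unchanged."""
    return (0.5 * math.pow(2, entropy)) * SECONDS_PER_GUESS


def safe_entropy_to_crack_time(entropy):
    """Same calculation, but saturate to infinity instead of raising."""
    try:
        return (0.5 * math.pow(2, entropy)) * SECONDS_PER_GUESS
    except OverflowError:
        # 2**entropy no longer fits in a double (entropy >= 1024 bits).
        return float("inf")


def check_length(password, limit=MAX_PASSWORD_LENGTH):
    """Reject oversized input before it reaches the estimator."""
    if len(password) > limit:
        raise ValueError("password longer than %d characters" % limit)
    return password


def overflows(entropy):
    """True if the original expression raises OverflowError for this entropy."""
    try:
        entropy_to_crack_time(entropy)
    except OverflowError:
        return True
    return False


if __name__ == "__main__":
    # Constructed entropy values on both sides of the double-precision limit.
    for bits in (60.0, 1023.0, 1024.0, 2000.0):
        print(bits, overflows(bits), safe_entropy_to_crack_time(bits))
```

In a web form, calling `check_length` during validation turns an oversized submission into a normal validation error instead of an unhandled exception and a 500 response.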