dropbox / zxcvbn

Low-Budget Password Strength Estimation
https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler
MIT License

Score incongruous for repeated words #276

Open ulope opened 4 years ago

ulope commented 4 years ago

Examples:

Especially the first example seems way off.

laughinghan commented 4 years ago

Yeah, I found this issue too, and I'm definitely concerned about it since I'm planning to have a longer minimum password length than most sites (why does everyone only do 8?), but I don't want people to use an insecure password but just repeat it and then have my password checker not notice. I cooked up this little script to find repeated strings (based on LZ77-style compression algorithms): https://gist.github.com/laughinghan/bf0ff29e11d6ef36881a92e4a35abb98

Wanna help me integrate it into their scoring system and turn it into a PR?
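For readers who want to see the idea concretely, here is an added example (not laughinghan's gist and not zxcvbn's own code) of the LZ77-style approach described above: a greedy factorisation that, at each position, looks for the longest substring that already occurred earlier in the password and replaces it with a back-reference. The function names `lz77Tokens` and `repeatAnalysis`, the `MIN_MATCH` threshold and the "effective length" accounting are assumptions made for this example. A length-based checker that uses `effectiveLength` instead of the raw length would no longer be fooled by `passwordpassword`.

```javascript
// Added example: LZ77-style repeated-substring detection for password
// strength estimation. Helper names and thresholds are assumptions for this
// illustration; this is not zxcvbn's matcher.

// Assumption: only runs of MIN_MATCH or more characters count as a repeat,
// so an incidental doubled letter ("ss") is not treated as a back-reference.
const MIN_MATCH = 3;

// Greedy LZ77 factorisation of the password. Returns an array of tokens:
//   { literal: "x" }            a fresh character
//   { offset: n, length: m }    m characters copied from n positions back
// Overlapping matches are allowed, exactly as in LZ77, so "abcabcabc" becomes
// three literals plus one back-reference of length 6 at offset 3.
function lz77Tokens(password, minMatch = MIN_MATCH) {
  const tokens = [];
  let i = 0;
  while (i < password.length) {
    let bestLen = 0;
    let bestOff = 0;
    // Try every earlier start position j and extend the match as far as possible.
    for (let j = 0; j < i; j++) {
      let len = 0;
      while (i + len < password.length && password[j + len] === password[i + len]) {
        len++;
      }
      if (len > bestLen) {
        bestLen = len;
        bestOff = i - j;
      }
    }
    if (bestLen >= minMatch) {
      tokens.push({ offset: bestOff, length: bestLen });
      i += bestLen;
    } else {
      tokens.push({ literal: password[i] });
      i += 1;
    }
  }
  return tokens;
}

// Summarise how much of the password is explained by earlier substrings.
// effectiveLength counts each literal as one unit of novelty and each
// back-reference as one unit as well (the attacker only has to guess "repeat
// the earlier chunk"), which is the number a length-based rule should use.
function repeatAnalysis(password) {
  const tokens = lz77Tokens(password);
  const literals = tokens.filter((t) => t.literal !== undefined);
  const refs = tokens.filter((t) => t.literal === undefined);
  const repeatedChars = refs.reduce((sum, t) => sum + t.length, 0);
  return {
    tokens,
    uniqueChars: literals.length,   // characters not explained by an earlier substring
    repeatedChars,                  // characters covered by back-references
    effectiveLength: literals.length + refs.length,
  };
}

// Constructed sample passwords for demonstration (not real credentials).
for (const pw of ["passwordpassword", "abcabcabc", "correcthorse"]) {
  const r = repeatAnalysis(pw);
  console.log(pw, "raw length", pw.length, "effective length", r.effectiveLength,
    "repeated chars", r.repeatedChars);
}
```

The inner loop is quadratic in the password length, which is irrelevant for passwords but would matter if the same code were pointed at longer inputs; a suffix array or the rolling-hash tables used by real LZ77 implementations would bring it down. The point of `effectiveLength` is only to make doubled or tripled chunks contribute little: `passwordpassword` has raw length 16 but effective length 9, while `correcthorse` keeps its full length of 12 because no three-character chunk recurs.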

ulope commented 4 years ago

Related (or possibly duplicate of) #216