Open him11 opened 2 years ago
Any support on this issue pls?
@him11 possible duplicate of https://github.com/nulab/zxcvbn4j/issues/84
Hey, the typescript library is a fork of this JS one and is not "official".
I forked it because this library is completely outdated. Which means the typescript port is an improved version with updated dictionaries, some fixes and new matchers.
You used the password Tiger@0177
which results in a scoring of 3 for the typescript port. In the original library this it has a scoring of 2 like in the java port that you are using.
That is because of the updated dictionaries. The password was splitted into Tiger
and @0177
.
In the Typescript port Tiger
is ranked 256 in the password dictionary while in the original library it is ranked 210
which results in a different guess count. You could say that the cap isn't very big to move a whole score but the 210 is already pretty close to the scoring of 3.
All this can be seen in the comparison documentation of zxcvbn-ts https://zxcvbn-ts.github.io/zxcvbn/guide/comparison/
Thanks @MrWook Looks like the TS unofficial porting is updated instead of the parent project and the related java porting. I have reached the owner of the java porting https://github.com/nulab/zxcvbn4j/issues/84 but looks like they don't have bandwidth to work on that. @MrWook what's your suggestion here?
The problem on this one is that the original xato password list isn't available on the internet anymore. So you can't update it.
I wanted to get my hands on the collection #1 - collection #5
lists but i'm not really a dark web user :D
I think you have multiple options to handle this case:
Hi.
I'm using zxcvbn libraries on back-end and front-end of an app. For front-end: https://github.com/zxcvbn-ts/zxcvbn For back-end: https://github.com/nulab/zxcvbn4j
The password strength score returned for the same password string, "Tiger@0177" is different for both the libraries. For TS version, it returns 3 (Strong) while for Java version, it returns 2 (Weak), which is giving a very bad UX for my users.
Can you suggest something why is this happening and is there a way to fix this issue? TIA.