search

nbutton23 / zxcvbn-go

zxcvbn password complexity algorithm in golang
MIT License
379 stars 49 forks source link

Score deviates from the coffee/javascript version #20

Open freman opened 7 years ago

freman commented 7 years ago 
./testpw Passi0n@ 'fred' 'blogs' 'johnny'
Passi0n@ [fred blogs johnny]
Score: 0

JS equiv. returns score of 1

dtoubelis commented 7 years ago

Facing the same issue. That golang version returns different scores then JS one. This is a problem because a password may pass validation on front end and fail at the back-end creating "what the f***" moment for a client that is impossible to justify.

denouche commented 7 years ago

In my case my own password give a score of 3 with JS lib, and 1 with golang library ...

denouche commented 7 years ago

For example 12111111AZ scores 2 using JS lib, and 0 using Golang lib ...

vanackere commented 6 years ago

Hi, I was also affected by this issue and after some failed attempts I came to the conclusion that this is unfortunately too difficult to achieve using the current library since the score is extremely sensitive to the way the best match sequence is found and its number of guesses is evaluated...

For those interested: I made instead a full Go port of the current coffeescript version from Dropbox, just publically available at https://github.com/trustelem/zxcvbn, that should give the exact same results as the coffeescript version.