passwdqc
v1.0.2
Published
JavaScript port of Openwall passwdqc, a password/passphrase strength checking and policy enforcement toolset.
Downloads
136
Readme
Passwdqc-js
About
The passwdqc is the brilliant password quality checker library made by Openwall. Passwdqc-js is a JavaScript port of passwdqc, made by Parallels. Passwdqc-js supports AMD and NodeJS/CommonJS module format. So it runs on both client and server.
Demo page (Limited functionality)
http://doc.apsstandard.org/7.2/apsfiddle/?file=7.2/_static/examples/password/calcStrength.html
Compatibilty with Passwdqc
Passwdqc-js was tested for compatibility with original passwdqc. We used following password databases in order to guarantee that both accept nearly the same subset of passwords:
- 14M unique RockYou passwords from 2009 leak (99.99% match with passwdqc)
- 10K random 10-character symbolic passwords (100% match with passwdqc)
- 10K random pass phrases, generated by passwdqc/pwqgen (100% match with passwdqc)
Usage
Use passwdqc.check(newpass, [oldpass], [login], [gecos], [params])
function to check password quality.
Parameters
- newpass: password to check
- oldpass: old password to check if new password is based on it
- login: user's login name to check that password is not based on it
- gecos: any other personal information to check
- params: custom parameters for passwdqc algorithm, see
Return value
- Empty string if password is considered good;
- The reason why password is considered weak, otherwise.
Examples
NodeJS
var passwdqc = require('passwdqc');
var rv = passwdqc.check(password, old_password);
if (!rv) {
// Password is of good quality
// ...
} else {
// The "rv" now contains reason why password considered weak
}
Client-Side
// Declare security policy
var lowParams = { min: [6, 6, 6, 6, 6], max: 40, passphrase_words: 3, match_length: 4, similar_deny: 1, random_bits: 47, flags: 3, retry: 3 },
mediumParams = { min: [8, 8, 8, 7, 6], max: 40, passphrase_words: 3, match_length: 4, similar_deny: 1, random_bits: 47, flags: 3, retry: 3 };
// Checking value
function check(val){
if(val.length == 0) return 0;
if(!passwdqc_check(val)) return 4;
if(!passwdqc_check(val, undefined, undefined, undefined, mediumParams)) return 3;
if(!passwdqc_check(val, undefined, undefined, undefined, lowParams)) return 2;
return 1;
}
Distribution
NPM
npm install passwdqc
Bower More info about Bower
bower install passwdqc
TODO
- More examples
- Random password/passphrase generator