GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → nulab → Zxcvbn4j

nulab / Zxcvbn4j

Licence: mit
This is a java port of zxcvbn, which is a JavaScript password strength generator.

Programming Languages

java
68154 projects - #9 most used programming language

Labels

password

Projects that are alternatives of or similar to Zxcvbn4j

Ng
Get password of the wifi you're connected, and your current ip address.
Stars: ✭ 151 (-19.68%)
Mutual labels:  password
Simple Scrypt
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑
Stars: ✭ 168 (-10.64%)
Mutual labels:  password
Android Passcodeview
A custom view with keyboard and character display to be used for authentication
Stars: ✭ 182 (-3.19%)
Mutual labels:  password
Wifi Passview
An open source batch script based WiFi Passview for Windows!
Stars: ✭ 157 (-16.49%)
Mutual labels:  password
Esp8266 wifi captive portal
🔑 WiFi captive portal for ESP8266 for phishing WiFi passwords
Stars: ✭ 165 (-12.23%)
Mutual labels:  password
Cupp
The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.
Stars: ✭ 2,493 (+1226.06%)
Mutual labels:  password
Dontclickshit
Як не стати кібер-жертвою
Stars: ✭ 149 (-20.74%)
Mutual labels:  password
Staticrypt
Password protect a static HTML page
Stars: ✭ 2,280 (+1112.77%)
Mutual labels:  password
React Password Strength
A password strength indicator field for use in React projects
Stars: ✭ 167 (-11.17%)
Mutual labels:  password
Gopassbridge
A web extension for firefox and chrome to insert login credentials from gopass
Stars: ✭ 182 (-3.19%)
Mutual labels:  password
Passw0rd
🔑securely checks a password to see if it has been previously exposed in a data breach
Stars: ✭ 159 (-15.43%)
Mutual labels:  password
Jxpatternlock
An easy-to-use, powerful, customizable pattern lock view in swift. 图形解锁/手势解锁 / 手势密码 / 图案密码 / 九宫格密码
Stars: ✭ 165 (-12.23%)
Mutual labels:  password
Zydra
Stars: ✭ 178 (-5.32%)
Mutual labels:  password
Karma
Find leaked emails with your passwords
Stars: ✭ 154 (-18.09%)
Mutual labels:  password
Leaked
Leaked? 2.1 - A Checking tool for Hash codes, Passwords and Emails leaked
Stars: ✭ 184 (-2.13%)
Mutual labels:  password
Randomatic
Easily generate random strings like passwords, with simple options for specifying a length and for using patterns of numeric, alpha-numeric, alphabetical, special or custom characters. (the original "generate-password")
Stars: ✭ 149 (-20.74%)
Mutual labels:  password
Supertokens Core
Open source alternative to Auth0 / Firebase Auth / AWS Cognito
Stars: ✭ 2,907 (+1446.28%)
Mutual labels:  password
Applocker
AppLocker - simple lock screen for iOS Application ( Swift 4+, iOS 9.0+) Touch ID / Face ID
Stars: ✭ 188 (+0%)
Mutual labels:  password
Password Strength
Angular UI library to illustrate and validate a password's strength with material design - Angular V9 supported
Stars: ✭ 186 (-1.06%)
Mutual labels:  password
Huge
Simple user-authentication solution, embedded into a small framework.
Stars: ✭ 2,125 (+1030.32%)
Mutual labels:  password
View All Similar Projects ➔

zxcvbn4j Build Status Coverage Status Maven Central

This is a java port of zxcvbn, which is a password strength estimator inspired by password crackers written on JavaScript. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.

Related articles

Update

The following version is a port of zxcvbn 4.4.2

  • 2021/02/19 1.4.0 released.
  • 2021/02/09 1.3.6 released.
  • 2021/02/02 1.3.5 released.
  • 2021/01/26 1.3.4 released.
  • 2021/01/21 1.3.3 released.
  • 2021/01/19 1.3.2 released.
  • 2020/10/28 1.3.1 released.
  • 2019/10/19 1.3.0 released.
  • 2019/07/23 1.2.7 released.
  • 2019/07/16 1.2.6 released.
  • 2018/03/30 1.2.5 released.
  • 2018/02/27 1.2.4 released.
  • 2017/03/27 1.2.3 released.

The following version is a port of zxcvbn 4.4.1

  • 2016/12/07 1.2.2 released.
  • 2016/12/03 1.2.1 released.

The following version is a port of zxcvbn 4.4.0

  • 2016/10/29 1.2.0 released.

The following version is a port of zxcvbn 4.3.0

  • 2016/10/01 1.1.6 released.
  • 2016/09/27 1.1.5 released.
  • 2016/07/08 1.1.4 released.
  • 2016/05/27 1.1.3 released.
  • 2016/05/25 1.1.2 released.
  • 2016/03/19 1.1.1 released.
  • 2016/03/06 1.1.0 released.

The following version is a port of zxcvbn 4.2.0

  • 2016/01/28 1.0.2 released.
  • 2016/01/27 1.0.1 released.
  • 2015/12/24 1.0.0 released.

Special Features

  • It includes JIS keyboard layout in spatial matching.
  • Localization feedback messages.
  • Password args accept CharSequence as well as String.
    • This gives a lot more flexibility in what format the password can be in.
    • Also attempts to avoid using Strings for any sensitive intermediate objects.

Install

gradle

compile 'com.nulab-inc:zxcvbn:1.4.0'

maven

<dependency>
  <groupId>com.nulab-inc</groupId>
  <artifactId>zxcvbn</artifactId>
  <version>1.4.0</version>
</dependency>

Build

To build:

$ git clone [email protected]:nulab/zxcvbn4j.git
$ cd zxcvbn4j/
$ ./gradlew build

Usage

Basic Usage. This is also available Android.

Zxcvbn zxcvbn = new Zxcvbn();
Strength strength = zxcvbn.measure("This is password");

If you want to add your own dictionary, put the keyword list of List type to the second argument.

List<String> sanitizedInputs = new ArrayList();
sanitizedInputs.add("nulab");
sanitizedInputs.add("backlog");
sanitizedInputs.add("cacoo");
sanitizedInputs.add("typetalk");

Zxcvbn zxcvbn = new Zxcvbn();
Strength strength = zxcvbn.measure("This is password", sanitizedInputs);

The return result is "Strength". It's almost the same as zxcvbn.

# estimated guesses needed to crack password
strength.guesses

# order of magnitude of strength.guesses
strength.guessesLog10

# dictionary of back-of-the-envelope crack time
# estimations, in seconds, based on a few scenarios
strength.crackTimeSeconds
{
  # online attack on a service that ratelimits password auth attempts.
  onlineThrottling100PerHour

  # online attack on a service that doesn't ratelimit,
  # or where an attacker has outsmarted ratelimiting.
  onlineNoThrottling10PerSecond

  # offline attack. assumes multiple attackers,
  # proper user-unique salting, and a slow hash function
  # w/ moderate work factor, such as bcrypt, scrypt, PBKDF2.
  offlineSlowHashing1e4PerSecond

  # offline attack with user-unique salting but a fast hash
  # function like SHA-1, SHA-256 or MD5. A wide range of
  # reasonable numbers anywhere from one billion - one trillion
  # guesses per second, depending on number of cores and machines.
  # ballparking at 10B/sec.
  offlineFastHashing1e10PerSecond
}

# same keys as result.crack_time_seconds,
# with friendlier display string values:
# "less than a second", "3 hours", "centuries", etc.
strength.crackTimeDisplay

# Integer from 0-4 (useful for implementing a strength bar)
# 0 Weak        (guesses < ^ 3 10)
# 1 Fair        (guesses <^ 6 10)
# 2 Good        (guesses <^ 8 10)
# 3 Strong      (guesses < 10 ^ 10)
# 4 Very strong (guesses >= 10 ^ 10)
strength.score

# verbal feedback to help choose better passwords. set when score <= 2.
strength.feedback
{
  # explains what's wrong, eg. 'this is a top-10 common password'.
  # not always set -- sometimes an empty string
  warning

  # a possibly-empty list of suggestions to help choose a less
  # guessable password. eg. 'Add another word or two'
  suggestions
}

# the list of patterns that zxcvbn based the guess calculation on.
strength.sequence

# how long it took zxcvbn to calculate an answer, in milliseconds.
strength.calc_time

Localization feedback messages

The zxcvbn4j can be localized localize the english feedback message to other languages.

// Get the Strength instance.
Zxcvbn zxcvbn = new Zxcvbn();
Strength strength = zxcvbn.measure("This is password");

// Get the ResourceBundle based on the name and locale of the property file(※).
ResourceBundle resourceBundle = ResourceBundle.getBundle("This is bundle name", Locale.JAPAN);

// Feedback to pass the ResourceBundle. And to generate a localized Feedback.
Feedback feedback = strength.getFeedback();
Feedback localizedFeedback = feedback.withResourceBundle(resourceBundle);

// getSuggestions() and getWarning() returns localized feedback message.
List<String> localizedSuggestions = localizedFeedback.getSuggestions();
String localizedWarning = localizedFeedback.getWarning();

Defined Key and the message in the properties file. Reference the messages.properties.

Supported languages by default:

Bugs and Feedback

For bugs, questions and discussions please use the Github Issues.

License

MIT License

Requires Java

  • Java 1.7+

Using this library

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].