Overview
========
The code implements a Password Strength Checker that evaluates the strength of passwords based on various criteria, checks for common passwords and patterns, and simulates dictionary and brute-force attacks.

Key Components
==============
Password Strength Checker (check_password_strength)
---------------------------------------------------
- Length Check: Ensures the password length is between 8 and 20 characters.
- Complexity Check: Verifies the presence of special characters, numbers, lowercase letters, and uppercase letters.
- Common Passwords: Flags passwords that match a predefined list of common passwords.
- Common Patterns: Detects passwords with patterns like repeated characters or simple sequences.
- Entropy Calculation: Measures the randomness of the password to ensure it is not easily guessable.

Common Password Check (is_common_password)
------------------------------------------
Compares the password against a list of commonly used passwords to identify weak choices.

Pattern Detection (has_common_patterns)
---------------------------------------
Uses regular expressions to identify passwords with common patterns, such as repeated characters or sequential characters.

Entropy Calculation (calculate_entropy)
---------------------------------------
Computes the entropy of the password, which is a measure of its randomness. Higher entropy generally indicates a stronger password.

Dictionary Attack Simulation (dictionary_attack)
------------------------------------------------
Checks if the password matches any word in a dictionary list to simulate a dictionary attack.

Brute-Force Attack Simulation (brute_force_attack)
--------------------------------------------------
Attempts to guess the password by generating all possible combinations of characters. The search is limited to candidates of one to four characters for simplicity, but it demonstrates the concept.

Password Generation (generate_passwords)
----------------------------------------
Generates all possible passwords of a given length from a character set. This is used in the brute-force attack simulation.

Main Function (main)
--------------------
- Prompts the user to enter a password.
- Calls the strength checker and displays the password's strength.
- Checks the password against the dictionary and brute-force attack simulations, providing feedback on vulnerability.

Summary
=======
The script evaluates passwords for strength by checking length, complexity, and randomness. It also simulates attacks to assess how vulnerable a password is to dictionary and brute-force methods. This tool helps users understand the robustness of their passwords and encourages the use of stronger, more secure passwords.
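Pattern detection can also be computed instead of enumerated in a regex, which avoids gaps in a hand-written list of sequences. The following is an added example, not part of the original notebook; it goes beyond the notebook's regexes by also reporting descending runs and keyboard-row walks, and `find_patterns`, `DETECTORS` and `KEYBOARD_ROWS` are names introduced here.

```python
import string

# Added assumption: letter rows of a QWERTY layout; the notebook's regexes
# do not cover keyboard walks at all.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
KEY_PAIRS = {row[i:i + 2] for row in KEYBOARD_ROWS for i in range(len(row) - 1)}
KEY_PAIRS |= {pair[::-1] for pair in KEY_PAIRS}  # walks in either direction
ALNUM = set(string.ascii_lowercase + string.digits)


def _step(delta):
    """Predicate: b is `delta` code points after a, both ASCII letters/digits."""
    return lambda a, b: a in ALNUM and b in ALNUM and ord(b) - ord(a) == delta


# Each detector decides whether character b continues a run that ends in a.
DETECTORS = (
    ("repeat", lambda a, b: a == b),
    ("ascending", _step(1)),
    ("descending", _step(-1)),
    ("keyboard", lambda a, b: a + b in KEY_PAIRS),
)


def _runs(text, follows, min_run):
    """Yield maximal substrings in which every character follows its predecessor."""
    start = 0
    for i in range(1, len(text) + 1):
        if i == len(text) or not follows(text[i - 1], text[i]):
            if i - start >= min_run:
                yield text[start:i]
            start = i


def find_patterns(password, min_run=3):
    """Return (kind, run) pairs for every run of at least min_run characters."""
    text = password.lower()  # case-insensitive, so 'ABC' is caught like 'abc'
    return [(kind, run) for kind, follows in DETECTORS
            for run in _runs(text, follows, min_run)]


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for sample in ("Tlmn!vwx9", "Qwerty#2024", "aaa987", "G7#kP!2x@Wq"):
        print(sample, find_patterns(sample))
```

Returning the matched runs rather than a bare boolean lets the checker tell the user which part of the password triggered the rejection.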

In [1]:
import re
import hashlib
import random
import string
from nltk.corpus import words

# Ensure NLTK word list is downloaded
import nltk
nltk.download('words')

# Function to check password strength
def check_password_strength(password):
    """
    Evaluate the strength of the password based on length, complexity, and entropy.
    """
    min_length = 8
    max_length = 20
    special_characters = re.compile(r'[!@#$%^&*(),.?":{}|<>]')
    numbers = re.compile(r'\d')
    lowercase = re.compile(r'[a-z]')
    uppercase = re.compile(r'[A-Z]')

    # Check password length
    if len(password) < min_length:
        return "Weak: Password is too short. Minimum length is 8."
    if len(password) > max_length:
        return "Weak: Password is too long. Maximum length is 20."

    # Check complexity
    if not re.search(special_characters, password):
        return "Weak: Password must include at least one special character."
    if not re.search(numbers, password):
        return "Weak: Password must include at least one number."
    if not re.search(lowercase, password):
        return "Weak: Password must include at least one lowercase letter."
    if not re.search(uppercase, password):
        return "Weak: Password must include at least one uppercase letter."

    # Check for common patterns and passwords
    if is_common_password(password):
        return "Weak: Password is too common."

    if has_common_patterns(password):
        return "Weak: Password contains common patterns."

    # Check entropy
    entropy = calculate_entropy(password)
    if entropy < 40:
        return "Weak: Password entropy is too low."

    return "Strong: Password meets all criteria."

def is_common_password(password):
    """
    Check if the password is in a list of common passwords.
    """
    common_passwords = {'password', '123456', '123456789', '12345678', '12345', '1234567', 'qwerty', 'password1', 'abc123', 'password123'}
    return password.lower() in common_passwords

def has_common_patterns(password):
    """
    Check for common patterns like repeated characters or sequences.
    """
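    patterns = [
        # Any character repeated three or more times in a row
        re.compile(r'(.)\1{2,}'),
        # Ascending three-digit sequences
        re.compile(r'(012|123|234|345|456|567|678|789|890)'),
        # Ascending three-letter sequences ('lmn' and 'vwx' were missing from the list)
        re.compile(r'(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)'),
    ]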
    for pattern in patterns:
        if pattern.search(password):
            return True
    return False

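def calculate_entropy(password):
    """
    Estimate the entropy of the password in bits as length * log2(pool size),
    where the pool is the union of the character classes the password uses.
    This is an upper bound that assumes each character was chosen at random.
    """
    import math  # local import keeps this function self-contained

    pool_size = 0
    if re.search(r'[a-z]', password):
        pool_size += 26
    if re.search(r'[A-Z]', password):
        pool_size += 26
    if re.search(r'\d', password):
        pool_size += 10
    if re.search(r'[^a-zA-Z\d]', password):
        pool_size += len(string.punctuation)
    return len(password) * math.log2(pool_size) if pool_size else 0.0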

def dictionary_attack(password):
    """
    Simulate a dictionary attack using a list of common words.
    """
    word_list = set(words.words())
    # Set membership is a single hash lookup; no need to scan every word
    return password in word_list

def brute_force_attack(password):
    """
    Simulate a brute-force attack by attempting all possible combinations.
    """
    charset = string.ascii_letters + string.digits + string.punctuation
    for length in range(1, 5):  # Limiting length for simplicity; increase for a real attack
        for attempt in generate_passwords(charset, length):
            if attempt == password:
                return True
    return False

def generate_passwords(charset, length):
    """
    Generate all possible passwords of a given length from the charset.
    """
    if length == 0:
        yield ""
    else:
        for char in charset:
            for password in generate_passwords(charset, length - 1):
                yield char + password

# Main function to run the password strength checker
def main():
    password = input("Enter the password to check: ")
    strength = check_password_strength(password)
    print(f"Password Strength: {strength}")

    if dictionary_attack(password):
        print("Password vulnerable to dictionary attack.")
    else:
        print("Password not found in dictionary.")

    if brute_force_attack(password):
        print("Password vulnerable to brute-force attack.")
    else:
        print("Password not found in brute-force simulation.")

if __name__ == "__main__":
    main()

[nltk_data] Error loading words: <urlopen error [WinError 10060] A
[nltk_data]     connection attempt failed because the connected party
[nltk_data]     did not properly respond after a period of time, or
[nltk_data]     established connection failed because connected host
[nltk_data]     has failed to respond>


Enter the password to check: kainat1997
Password Strength: Weak: Password must include at least one special character.


LookupError: 
**********************************************************************
  Resource words not found.
  Please use the NLTK Downloader to obtain the resource:

  >>> import nltk
  >>> nltk.download('words')

  For more information see: https://www.nltk.org/data.html

  Attempted to load corpora/words

  Searched in:
    - 'C:\\Users\\iShop/nltk_data'
    - 'F:\\anaconda\\nltk_data'
    - 'F:\\anaconda\\share\\nltk_data'
    - 'F:\\anaconda\\lib\\nltk_data'
    - 'C:\\Users\\iShop\\AppData\\Roaming\\nltk_data'
    - 'C:\\nltk_data'
    - 'D:\\nltk_data'
    - 'E:\\nltk_data'
**********************************************************************
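The brute-force simulation in the notebook only enumerates candidates of one to four characters, so "not found" says nothing about a longer password. The following added example (not part of the original notebook) computes, without enumerating anything, where a password falls in the order that `generate_passwords` produces and whether the simulation would ever reach it; `search_space`, `guess_rank` and `covered_by_simulation` are names introduced here.

```python
import string

# Same alphabet as brute_force_attack in the notebook (94 symbols).
CHARSET = string.ascii_letters + string.digits + string.punctuation


def search_space(charset_size, max_length):
    """Number of candidates of length 1..max_length."""
    return sum(charset_size ** k for k in range(1, max_length + 1))


def guess_rank(password, charset=CHARSET):
    """1-based position of `password` in the enumeration order used by
    generate_passwords: shorter candidates first, then charset order with the
    first character most significant. Returns None when the password is empty
    or uses a character outside the charset (it would never be generated)."""
    n = len(charset)
    index = {ch: i for i, ch in enumerate(charset)}
    if not password or any(ch not in index for ch in password):
        return None
    rank_within_length = 0
    for ch in password:
        # Treat the password as a base-n number, most significant digit first.
        rank_within_length = rank_within_length * n + index[ch]
    return search_space(n, len(password) - 1) + rank_within_length + 1


def covered_by_simulation(password, max_length=4, charset=CHARSET):
    """True when a search over lengths 1..max_length would reach the password."""
    rank = guess_rank(password, charset)
    return rank is not None and rank <= search_space(len(charset), max_length)


if __name__ == "__main__":
    print("candidates tried by the simulation:", search_space(len(CHARSET), 4))
    # "zz9!" is a constructed sample; "kainat1997" is the input shown above.
    for sample in ("zz9!", "kainat1997"):
        print(sample, guess_rank(sample), covered_by_simulation(sample))
```

Any password that passes the 8-character minimum in `check_password_strength` lies outside the simulated range, so the "not found in brute-force simulation" message is expected for it and is not evidence of strength.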
