Initial commit

.gitignore

@@ -0,0 +1,3 @@
+*~
+.*.swp
+*.pyc

LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2012 Dropbox, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README

@@ -0,0 +1,72 @@
+This is a python port of zxcvbn, which is a JavaScript password strength
+generator. zxcvbn attempts to give sound password advice through pattern
+matching and conservative entropy calculations. It finds 10k common passwords,
+common American names and surnames, common English words, and common patterns
+like dates, repeats (aaa), sequences (abcd), and QWERTY patterns.
+
+Please refer to http://tech.dropbox.com/?p=165 for the full details and
+motivation behind zxcbvn. The source code for the original JavaScript (well,
+actually CoffeeScript) implementation can be found at:
+
+https://github.com/lowe/zxcvbn
+
+
+For full motivation, see:
+
+http://tech.dropbox.com/?p=165
+
+------------------------------------------------------------------------
+Use
+------------------------------------------------------------------------
+
+The zxcvbn module exports the password_strength() function. Import zxcvbn, and
+call password_strength(password, user_inputs=[]).  The function will return a
+result dictionary with the following keys:
+
+entropy            # bits
+
+crack_time         # estimation of actual crack time, in seconds.
+
+crack_time_display # same crack time, as a friendlier string:
+                   # "instant", "6 minutes", "centuries", etc.
+
+score              # [0,1,2,3,4] if crack time is less than
+                   # [10**2, 10**4, 10**6, 10**8, Infinity].
+                   # (useful for implementing a strength bar.)
+
+match_sequence     # the list of patterns that zxcvbn based the
+                   # entropy calculation on.
+
+calculation_time   # how long it took to calculate an answer,
+                   # in milliseconds. usually only a few ms.
+
+The optional user_inputs argument is an array of strings that zxcvbn
+will add to its internal dictionary. This can be whatever list of
+strings you like, but is meant for user inputs from other fields of the
+form, like name and email. That way a password that includes the user's
+personal info can be heavily penalized. This list is also good for
+site-specific vocabulary.
+
+Bug reports and pull requests welcome!
+
+------------------------------------------------------------------------
+Acknowledgments
+------------------------------------------------------------------------
+
+Dropbox, thank you again for supporting independent projects both inside and
+outside of hackweek.
+
+Thanks to Dan Wheeler (https://github.com/lowe) for the CoffeeScript implementation
+(see above.) To repeat his outside acknowledgements (which remain useful, as always):
+
+Many thanks to Mark Burnett for releasing his 10k top passwords list:
+http://xato.net/passwords/more-top-worst-passwords
+and for his 2006 book,
+"Perfect Passwords: Selection, Protection, Authentication"
+
+Huge thanks to Wiktionary contributors for building a frequency list
+of English as used in television and movies:
+http://en.wiktionary.org/wiki/Wiktionary:Frequency_lists
+
+Last but not least, big thanks to xkcd :)
+https://xkcd.com/936/

setup.py

@@ -0,0 +1,11 @@
+from distutils.core import setup
+
+setup(Name='zxcvbn',
+      version=1.0,
+      description='Password strength estimator',
+      author='Ryan Pearl',
+      author_email='rpearl@dropbox.com',
+      url='https://www.github.com/rpearl/python-zxcvbn',
+      packages=['zxcvbn'],
+      data_files=[('generated', ['frequency_lists.json', 'adjacency_graphs.json'])]
+     )

tests.txt

@@ -0,0 +1,34 @@
+zxcvbn
+qwER43@!
+Tr0ub4dour&3
+correcthorsebatterystaple
+coRrecth0rseba++ery9.23.2007staple$
+D0g..................
+abcdefghijk987654321
+neverforget13/3/1997
+1qaz2wsx3edc
+temppass22
+briansmith
+briansmith4mayor
+password1
+viking
+thx1138
+ScoRpi0ns
+do you know
+ryanhunter2000
+rianhunter2000
+asdfghju7654rewq
+AOEUIDHG&*()LS_
+12345678
+defghi6789
+rosebud
+Rosebud
+ROSEBUD
+rosebuD
+ros3bud99
+r0s3bud99
+R0$38uD99
+verlineVANDERMARK
+eheuczkqyq
+rWibMFACxAUGZmxhVncy
+Ba9ZyWABu99[BK#6MBgbH88Tofv)vs$

zxcvbn/__init__.py

@@ -0,0 +1,15 @@
+__all__ = ['password_strength']
+import main
+
+password_strength = main.password_strength
+
+if __name__ == '__main__':
+    import fileinput
+    ignored = ['match_sequence', 'password']
+    for line in fileinput.input():
+        pw = line.strip()
+        print "Password: " + pw
+        out = password_strength(pw)
+        for k,v in out.iteritems():
+            if k not in ignored: print "\t%s: %s" % (k,v)
+

zxcvbn/data/README

@@ -0,0 +1 @@
+to generate these files, run zxcvbn/scripts/*.py