New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zxcvbn-ios scores password differently than zxcvbn #21
Comments
Exactly what I have experienced as well, the iOS library scores passwords differently than the JS version, it always gives them a lower scores as far as I could see. Please advise. |
Anybody? Any input would be greatly appreciated. |
@mlehel Couldn't tell you myself, but you could step through the routine in a debugger in one lib, then do the same in the debugger for another of the libs to find out what choices are being made differently. For example in iOS you could set a breakpoint where your code calls I know that's not answers, but I watch the project and saw your posts so I thought I'd reply. That's where I'd start, I hope it helps! |
@billymeltfown: thank you very much for you input, I'll take a look at it, in the meantime I'm also looking forward to some input on behalf of the creators of this module |
@dylanhand did you get anywhere with this issue? |
I'm facing the same problem. The iOS port accepts "hell\o/12" as a score 3 password and says "hell\o/123" is weaker (only a score of 2). Does anybody still contribute on this project? |
@patreu22 @mlehel I ended up using the JavaScript version inside a
|
Hi @mlehel, There's two big reasons that zxcvbn and zxcvbn-ios sometimes give different results:
If you want the latest updates, I'd recommend using @dylanhand's approach or similar. |
Hey @dylanhand , |
@dylanhand Thanks 。 |
@patreu22 |
@likekunkun there is one problem with @dylanhand approach. Using String Interpolation is not safe, because password itself can contain So instead you should set your password directly into JSContext as variable and then use this variable in
|
Hi Leah. Thanks for porting this to iOS. I came across a potential issue:
The password 2-UbvR, for example, is scored differently on zxvcbn-ios vs. Dropbox's online zxcvbn test.
Dropbox's online test:
zxcvbn-ios:
Any idea why the iOS version would score a password differently?
The text was updated successfully, but these errors were encountered: