A simple password strength checker using raw entropy values written in Rust.
Inspired by: https://github.com/wagslane/go-password-passwordvalidator and this XKCD
Available on: crates.io
- While uppercase, numbers, special characters, etc... all count towards the final score, none are required
- Does not contact any external API's
- Includes command line tool in addition to a library so it can be used in bash scripts
cargo install chbs
Use in code::
use chbslib::get_entropy;
let test_1: String = String::from("boring");
let score: i16 = get_entropy(&test1);
println!("Score: {}", score);
>>> 1
That's a judgement call. I would suggest something in the range of 5 to
7 or so.
Attackers commonly use passwords they have scraped from leaked data. Entropy checks will NOT protect your users from using leaked passwords.
The password is stripped of repeating characters, palindrome portions, and
common password sequences like qwerty or asdfghjkl as well as the set
of the 10 most commonly used passwords (according to wikipedia). The remaining
length accounts for the initial score. Additional points are awarded for mixing
case, adding numbers, and adding special characters.
After that we do some maths which calculates the approximate total guesses and reduces this to a integer score.