/passwordCritic

bloom filter driven Go library for checking passwords against common password lists

Primary LanguageGoGNU Affero General Public License v3.0AGPL-3.0

Password Critic codecov Go Report Card License: AGPL v3

github.com/samiam2013/passwordCritic

a Go module to

  • check the entropy of a password (variety & repitition)
  • check if the password shows up in a bloom filter built with a list of common passwords

Installing & Running

git clone https://github.com/samiam2013/passwordCritic.git
cd passwordCritic/
go test ./... # make sure the tests pass
cd cmd/
go build .
./cmd -r -p password123

and you can expect some output like

Entropy of the password candidate:  3.2776136
2022/01/13 15:25:08 password common, found in list with 100000 elements, but not more common than 1000, minimum set rarity.
{StringVal:password123 Cardinality:10 H:3.2776136}

TODO:

  • test frequency of false positives for a given BloomFilter.bitSet size
  • benchmark algorithms used by bloom filter for hashing
  • serialize the filter to something more efficient than the 0|1 mapped JSON
  • add a backup source for commmon password lists