I'm not planning on maintaining this any longer. Please just use zxcvbn instead.
passablewords is a password validation library which checks a password against a million of
the most common as well as it's ability to be cracked.
If you're asking why use passablewords over zxcvbn, it's because passablewords checks
a password against 1,000,000 of the most common passwords. zxcvbn only checks 30,000.
zxcvbn is a great tool, however, and passablewords uses it to check the entropy of a given
password to make sure it's random enough on top of being unique enough. If you are ok with the
top 30,000 most common passwords, then you should probably use zxcvbn. If you want a little
extra, consider passablewords.
While you're free to use any of the public methods, using the check_password function is
recommended since that checks for length, uniqueness, and entropy all within a single call.
It's also important to note that this is provided as-is and doesn't prevent an attacker from gaining access to, decrypting, or guessing your user's passwords. It just makes it a little harder.
passablewords can be added to your project via the dependencies section of your cargo.toml
file.
[dependencies]
passablewords = "1"
For more information on how to use this library, please refer to the docs.
Generally, however, you would use it similar to this example.
extern crate passablewords;
use passablewords::{check_password, PassablewordResult};
fn main() {
match check_password(password) {
Ok() => println!("That password is probably pretty good!")
Err(err) => match(err) {
PassablewordResult::TooShort => println!("Your password should be longer than 8 characters"),
PassablewordResult::TooCommon => println!("Your should be more unique"),
PassablewordResult::TooSimple => println!("Your should be more random"),
PassablewordResult::NonAsciiPassword => println!("Your password should only contain ASCII characters"),
PassablewordResult::InternalError => println!
}
}
}Here are the benchmarks running on a 2017 MacBook Pro with 2.3GHz i5. It's pretty darn fast!
test bench_check_common_password ... bench: 26 ns/iter (+/- 5)
test bench_check_ok_password ... bench: 1,497,032 ns/iter (+/- 435,657)
test bench_check_short_password ... bench: 1 ns/iter (+/- 0)
test bench_check_simple_password ... bench: 166,063 ns/iter (+/- 70,071)
Thanks to the Rust community, getting this project up and running to begin contributing to is pretty easy!
First you'll need to have rust installed (probably stable, but nightly would be fine too. In fact, you need nightly to run the benchmarks). I recommend rustup, but you're free to install rust however you like.
Since Rust comes with cargo installed, you should download the cargo dependencies next.
cargo updateIt would be a good idea at this point to make sure all the tests pass so let's run the tests.
cargo testFinally, make any changes you want and submit a pr. Thanks in advance!
The code for this library is licensed under the MIT license.
The list of passwords is licensed under the Creative Commons Attribution ShareAlike 3.0 license.
Thanks to the SecLists project for the list.