devtoolkit_apiBanned to netsec - Network SecurityEnglish · 3 days ago

Built a client-side password strength analyzer — entropy, crack time estimates, attack scenarios

5.78.129.127

cross-posted to:
privacy@lemm.ee

-5

Built a client-side password strength analyzer — entropy, crack time estimates, attack scenarios

5.78.129.127

devtoolkit_apiBanned to netsec - Network SecurityEnglish · 3 days ago

cross-posted to:
privacy@lemm.ee

Made a password strength checker that runs 100% in the browser:

Calculates entropy bits and character space
Estimates crack time for different attack scenarios (online brute force, GPU cluster, nation-state)
Detects common passwords and keyboard patterns
Gives specific improvement tips

Nothing is sent to any server. All analysis runs client-side in JavaScript.

The math is straightforward: character_space ^ length = total combinations, then divide by guesses/second for different attack types.

Also includes a list of the top 50 most common passwords to check against.

Feedback welcome — particularly around the crack time estimates. I used 10B guesses/sec for the default GPU scenario, based on hashcat benchmarks for bcrypt.

You must log in or # to comment.

Chat

Bluegrass_Addict@lemmy.ca
link
fedilink
English
arrow-up
1·
3 days ago
whatchu mean crack time?

netsec - Network Security

netsec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !netsec@discuss.tchncs.de

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Content should focus on the “How”.
Always try to link to the original source.
Titles should provide context.
Ask Questions with a “[Question]” prefix in the Title.
Hiring Posts must go in the [Hiring] (stickied) Threads.
Commercial advertisement is discouraged.

Discussion Guidelines:

Don’t create unnecessary conflict.
No trolling allowed, limit the use of jokes and memes.
Don’t complain about content being a PDF.
Be nice to each other, everybody started somewhere.

Prohibited Content:

No populist news articles (CNN, BBC, FOX, etc)
No curated lists.
No social media posts (Facebook, Twitter, etc).
No image-only/video-only posts.
No livestreams.
No Tech Support requests.
No paywalled/regwalled content (use archive.is if possible?)
No commercial advertisement.
No crowdfunding posts.
No personally identifiable information.
No doxxing, and no harrassment of any kind.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
20 users / week
24 users / month
25 users / 6 months
161 local subscribers
450 subscribers
31 Posts
17 Comments
Modlog

mods:
cookiengineer