Is it as strong as you think it is?
Did you ever want to know the strength of the passwords that you use everywhere on the web!?
Well, here is a piece of code that let’s you do so (in Python 3).
from math import log
lwCase = list(set(re.compile("[a-z]").findall(password)))
upCase = list(set(re.compile("[A-Z]").findall(password)))
digits = list(set(re.compile("[0-9]").findall(password)))
others = list(set([x for x in password if x not in lwCase and x not in upCase and x not in digits]))
growth_factor = [0.25, 0.4, 0.4, 0.5]
group_size = [len(lwCase), len(upCase), len(digits), len(others)]
rep_factor = [1 - (1 - growth_factor[i])**group_size[i] for i in range(4)]
max_group_size = [26, 26, 10, 32]
strength = sum([rep_factor[i] * max_group_size[i] for i in range(4)])**len(password)
strength = log(strength, 2)
return round(strength, 5)
If you go through this wiki page about password strength, the chances that you close the window after scrolling through half the page and a couple of seconds are very high (even I did it :P)
So, allow me to un-complicate it and present the algorithm to evaluate a password’s strength:
First, calculate the number of unique characters in the password, and split them into the following groups:
* lowercase English letters;
* uppercase English letters;
* other characters.
Next, store the repetition factor for each group using the formula rep_factor = 1 - (1 - growth_factor) * group_size. The group_size is determined on the previous step, and the growth_factor for each group is given below (respectively):
At this step, calculate the digit strength of the password using the formula (sum(repetition_factor * max_group_size))password.length. Here, the repetition_factor is the value found on the previous step, password.length is the size of the password, and max_group_size is the maximum size of the group as given below (respectively):
Finally, calculate the resulting strength as log2strength, where strength is the value obtained on the previous step.