# Is it as strong as you think it is?

Did you ever want to know the strength of the passwords that you use everywhere on the web!?

Well, here is a piece of code that let’s you do so (in Python 3).

import re

from math import log

def passwordStrength(password):

lwCase = list(set(re.compile("[a-z]").findall(password)))

upCase = list(set(re.compile("[A-Z]").findall(password)))

digits = list(set(re.compile("[0-9]").findall(password)))

others = list(set([x for x in password if x not in lwCase and x not in upCase and x not in digits]))

growth_factor = [0.25, 0.4, 0.4, 0.5]

group_size = [len(lwCase), len(upCase), len(digits), len(others)]

rep_factor = [1 - (1 - growth_factor[i])**group_size[i] for i in range(4)]

max_group_size = [26, 26, 10, 32]

strength = sum([rep_factor[i] * max_group_size[i] for i in range(4)])**len(password)

strength = log(strength, 2)

return round(strength, 5)

If you go through this wiki page about password strength, the chances that you close the window after scrolling through half the page and a couple of seconds are very high (even I did it :P)

So, allow me to un-complicate it and present the algorithm to evaluate a password’s strength:

First, calculate the number of unique characters in the password, and split them into the following groups:

* lowercase English letters;

* uppercase English letters;

* digits;

* other characters.

Next, store the repetition factor for each group using the formula rep_factor = 1 - (1 - growth_factor) * group_size. The group_size is determined on the previous step, and the growth_factor for each group is given below (respectively):

* 0.25

* 0.4

* 0.4

* 0.5

At this step, calculate the digit strength of the password using the formula (sum(repetition_factor * max_group_size))password.length. Here, the repetition_factor is the value found on the previous step, password.length is the size of the password, and max_group_size is the maximum size of the group as given below (respectively):

* 26

* 26

* 10

* 32

Finally, calculate the resulting strength as log2strength, where strength is the value obtained on the previous step.