zxcvbn-hs-0.3.2: Password strength estimation based on zxcvbn.
CopyrightThis file is part of the package zxcvbn-hs. It is subject to the
license terms in the LICENSE file found in the top-level directory
of this distribution and at:

https://code.devalot.com/sthenauth/zxcvbn-hs

No part of this package including this file may be copied
modified propagated or distributed except according to the terms
contained in the LICENSE file.
LicenseMIT
Safe HaskellSafe-Inferred
LanguageHaskell2010

Text.Password.Strength

Description

This is a native Haskell implementation of the zxcvbn password strength estimation algorithm as it appears in the 2016 USENIX Security paper and presentation (with some small modifications).

Synopsis

Estimating Guesses

score Source #

Arguments

:: Config

Which dictionaries, keyboards, etc. to use.

-> Day

Reference day for date matches (should be current day).

-> Text

The password to score.

-> Score

Estimate.

Estimate the number of guesses an attacker would need to make to crack the given password.

newtype Score Source #

A score is an estimate of the number of guesses it would take to crack a password.

Constructors

Score 

Fields

Instances

Instances details
ToJSON Score Source # 
Instance details

Defined in Text.Password.Strength

Show Score Source # 
Instance details

Defined in Text.Password.Strength

Methods

showsPrec :: Int -> Score -> ShowS #

show :: Score -> String #

showList :: [Score] -> ShowS #

Eq Score Source # 
Instance details

Defined in Text.Password.Strength

Methods

(==) :: Score -> Score -> Bool #

(/=) :: Score -> Score -> Bool #

Ord Score Source # 
Instance details

Defined in Text.Password.Strength

Methods

compare :: Score -> Score -> Ordering #

(<) :: Score -> Score -> Bool #

(<=) :: Score -> Score -> Bool #

(>) :: Score -> Score -> Bool #

(>=) :: Score -> Score -> Bool #

max :: Score -> Score -> Score #

min :: Score -> Score -> Score #

Calculating Password Strength

strength :: Score -> Strength Source #

Calculate the strength of a password given its score.

data Strength Source #

Measurement of password strength.

Constructors

Risky

Too guessable: risky password. (guesses < \(10^{3}\))

Weak

Very guessable: protection from throttled online attacks. (guesses < \(10^{6}\))

Moderate

Somewhat guessable: protection from unthrottled online attacks. (guesses < \(10^{8}\))

Safe

Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < \(10^{10}\))

Strong

Very unguessable: strong protection from offline slow-hash scenario. (guesses >= \(10^{10}\))

Default Configuration

en_US :: Config Source #

Default configuration for US English.