by jjcm 5179 days ago
I created something similar a while back to demonstrate what makes a password secure. It's drastically less sophisticated than this (I wrote it in an hour or so), but it has the same approach - evaluating a password by entropy, not random requirements. http://files.jjcm.org/jspass/

The important thing I found while testing this was that it was important to tell users why their password sucked. Oftentimes, they'll just keep adding 1's to the end of their password until it's good enough. Let people know, "Your password is in a known list of passwords", rather than, "The entropy of your password is 0."

1 comments
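The feedback idea in the comment above, as an added example (not the commenter's jspass code): a checker that returns a reason code and message instead of a bare score, and that collapses a repeated tail so padding with 1's cannot reach the threshold. The function names, the 60-bit threshold and the five-entry list are assumptions made for this sketch, and the entropy figure is a naive upper bound.

```javascript
// Constructed sample list; a real checker would load a large breached-password corpus.
const KNOWN_PASSWORDS = new Set(["password", "123456", "qwerty", "letmein", "iloveyou"]);
const MIN_BITS = 60; // assumed threshold for this example

// Naive upper bound on entropy: length * log2(size of the character pool used).
function entropyBits(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33;
  return pool ? pw.length * Math.log2(pool) : 0;
}

// Split off the trailing run of one repeated character ("hunter111" -> "hunter", 3).
function splitPadding(pw) {
  const m = pw.match(/(.)\1*$/);
  const run = m ? m[0].length : 0;
  return { core: pw.slice(0, pw.length - run), run };
}

// Returns { ok, code, message }; the message tells the user why, not just a score.
function evaluatePassword(pw) {
  if (KNOWN_PASSWORDS.has(pw.toLowerCase())) {
    return { ok: false, code: "known", message: "Your password is in a known list of passwords." };
  }
  const { core, run } = splitPadding(pw);
  if (KNOWN_PASSWORDS.has(core.toLowerCase())) {
    return { ok: false, code: "known-padded",
      message: "Your password is a known password with characters added to the end." };
  }
  // A long repeated tail is counted as one character, so padding cannot buy a pass.
  const padded = run >= 3;
  const scored = padded ? core + pw[pw.length - 1] : pw;
  const bits = Math.round(entropyBits(scored));
  if (bits < MIN_BITS) {
    return { ok: false, code: padded ? "padding" : "weak",
      message: padded
        ? `Repeating "${pw[pw.length - 1]}" at the end adds almost nothing (about ${bits} bits).`
        : `Too short or too simple: about ${bits} bits, ${MIN_BITS} needed.` };
  }
  return { ok: true, code: "ok", message: `About ${bits} bits of entropy.` };
}
```

Without the tail collapse, "hunter" followed by ten 1's would score about 83 bits under the same naive formula and pass.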

I just tried my password in your service and here's what I got [0]

  one quintillion ,
  three hundred ninety four quadrillion ,
  seven hundred seven trillion ,
  thirty six billion ,
  eight hundred fifty one million ,
  four hundred thirty five thousand
years to crack.

Good god.

[0] - 1394707036851435000 translated by http://www.webmath.com/_answer.php

Apparently one of my throwaways is secure nearly until the heat death of the universe.

2.1123066418521704e+73 years to crack