Or run the length and character checks in Javascript, then hash the password and send the hashed version for dictionary lookup.