Question
Hey there, I wonder how to measure password strength best. I found two different pages: http://rumkin.com/tools/password/passchk.php and http://www.passwordmeter.com/
and they give completely different results about different passwords. Somehow it's obvious to measure in bits, but then it could be hard to tell how many different chars to take into account, e.g.:
let's say my password is aB*, then someone using brute-force would have to use special chars, upper and lower letters, thus ~60 different chars, i.e. 60^3 combinations. Thanks so far!
Answer 1:
Just award a score based on certain characteristics of the proposed password:
- 1 point for each character in the password
- 2 points if it uses both numbers and characters and 3 points if it contains non-number or character symbols also.
- 2 points if it contains both uppercase and lowercase letters.
- -2 points for each word that can be found in a dictionary (though that might be more difficult to check).
- -2 points if a number can be representative of a year.
From that, take some examples of good and bad passwords and get an idea of what a good score would be.
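The scoring rules from the answer above, as an added Python example (not part of the original answer). The small word list, the 1900-2099 year range, and the reading that 3 points replace the 2 when symbols are also present are assumptions.

```python
import re

# Constructed sample word list; a real deployment would load a full
# dictionary or a breached-password list instead.
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "letmein"}

# Assumption: "a number representative of a year" means a standalone
# 4-digit run in the range 1900-2099.
YEAR_RE = re.compile(r"(?<!\d)(?:19|20)\d{2}(?!\d)")


def dictionary_hits(password, words=SAMPLE_WORDS, min_len=4):
    """Return the dictionary words that occur in the password, ignoring case."""
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= min_len and w in lowered)


def score_password(password, words=SAMPLE_WORDS):
    """Score a password with the rules listed in the answer above."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)

    score = len(password)  # 1 point per character
    if has_letter and has_digit:
        # Assumption: 3 points replace the 2 when symbols are present too.
        score += 3 if has_symbol else 2
    if has_lower and has_upper:
        score += 2
    score -= 2 * len(dictionary_hits(password, words))  # -2 per dictionary word
    score -= 2 * len(YEAR_RE.findall(password))         # -2 per year-like number
    return score


if __name__ == "__main__":
    # Constructed sample passwords for calibrating a "good score" threshold.
    samples = ["password", "Summer2019", "aB*", "tR7#kw9!Qz",
               "correcthorsebatterystaple"]
    for pw in samples:
        print(f"{pw!r:30} score={score_password(pw)}")
```

The last sample scores highest only because the constructed word list does not contain its words, which shows how much the result depends on the dictionary used.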
Answer 2:
This is the scheme I am using and it seems to work quite well.
    Public Enum PasswordComplexityScore
        BadPassword
        MediumStrengthPassword
        GoodPassword
    End Enum

    'Password, UserName and the CheckRepeatedPatterns/Count*/Has* helpers
    'are defined elsewhere and are not shown in this post.
    Public Function CalculatePasswordComplexity() As PasswordComplexityScore
        Dim Score As Integer

        'If the password matches the username then BadPassword
        If Password = UserName Then
            Return PasswordComplexityScore.BadPassword
        End If

        'If the password is less than 5 characters then BadPassword
        If Password.Length < 5 Then
            Return PasswordComplexityScore.BadPassword
        End If

        'Base score: 4 points per character
        Score = Password.Length * 4

        'Add the length difference returned by CheckRepeatedPatterns
        'for pattern lengths 1 to 4
        Score = Score + (CheckRepeatedPatterns(1).Length - Password.Length)
        Score = Score + (CheckRepeatedPatterns(2).Length - Password.Length)
        Score = Score + (CheckRepeatedPatterns(3).Length - Password.Length)
        Score = Score + (CheckRepeatedPatterns(4).Length - Password.Length)

        'If the password has at least 3 numbers then score += 5
        If CountNumbers() >= 3 Then
            Score = Score + 5
        End If

        'If the password has at least 2 special characters then score += 5
        If CountSymbols() >= 2 Then
            Score = Score + 5
        End If

        'If the password has upper and lower character then score += 10
        If HasUpperAndLowerCharacters() Then
            Score = Score + 10
        End If

        'If the password has numbers and characters then score += 10
        If HasNumbersAndCharacters() Then
            Score = Score + 10
        End If

        'If the password has numbers and special characters then score += 15
        If CountNumbers() > 0 And CountSymbols() > 0 Then
            Score = Score + 15
        End If

        'If the password has special characters and characters then score += 15
        If CountLetters() > 0 And CountSymbols() > 0 Then
            Score = Score + 15
        End If

        'If the password is only characters then score -= 15
        If CountLetters() > 0 And CountNumbers() = 0 And CountSymbols() = 0 Then
            Score = Score - 15
        End If

        'If the password is only numbers then score -= 15
        If CountLetters() = 0 And CountNumbers() > 0 And CountSymbols() = 0 Then
            Score = Score - 15
        End If

        'Cap the score at 100
        If Score > 100 Then
            Score = 100
        End If

        'Below 34 is bad, below 68 is medium, otherwise good
        If Score < 34 Then
            Return PasswordComplexityScore.BadPassword
        End If

        If Score < 68 Then
            Return PasswordComplexityScore.MediumStrengthPassword
        End If

        Return PasswordComplexityScore.GoodPassword
    End Function
I have been using this in production for about 8 years now. I think I converted it from someone else's JavaScript into VB6 then into VB.NET.
I can post all the supporting functions if you want.
Cheers
Source: https://stackoverflow.com/questions/6014325/password-strength