
Drop-in replacement for Django's CommonPasswordValidator with 4x speed and ⅓ memory usage


FastCommonPasswordValidator

A faster drop-in replacement for Django's built-in CommonPasswordValidator. With the default password list it has a 4x lookup speed gain and 30% memory savings, and these results will be even better with larger password lists.

Validate whether the password is a listed common password. By default, it uses a built-in list of 20k common passwords (lowercase and deduplicated) by Royce Williams. If called with a file name, it loads passwords one per line from that file and uses them for subsequent checks.

Why?

The original class loads a static list of 20k passwords into memory and scans through it each time it's called, which is... far from optimal. From the Django maintainers' point of view it has one advantage: it does not require any extra dependencies. That was the main reason that class was included in the default Django distribution, while this one wasn't and is available as an extra module.

Compiling your own password list

Initialize a new Bloom filter from your data:

from bloom_filter import BloomFilter
import pathlib

approx_number_of_lines = 20_000 # or whatever your file has
bloom = BloomFilter(max_elements=approx_number_of_lines, error_rate=0.001)

with pathlib.Path('mypasswords.txt').open() as f:
    for line in f:
        line = line.strip()
        # skip blank lines and '#' comment lines
        if line and not line.startswith('#'):
            bloom.add(line)

# test if it works
'password77' in bloom # should be True
'PLWmV6Zh3viv' in bloom # should be False (but see the note on false positives below)

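Then dump it to a file using the pickle module:

import pickle
# open in binary write mode; pickle.dump takes the object first, then the file
# note: unpickling can execute code, so only load .dat files you built yourself
with open('myawesomepasswords.dat', 'wb') as f:
    pickle.dump(bloom, f)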

False positives

A Bloom filter is a probabilistic structure. By default the filter is configured for a 0.001 (0.1%) error rate, which means that in 1000 checks it will, on average, falsely report 1 password as "common" even if it was not in the original list. In practical applications it's not really a hill to die on, and it might actually bump the respect for your prophetic skills among the users.
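
An added example, not code from this package: a minimal standard-library Bloom filter that measures the observed false-positive rate at the 0.001 setting and confirms that a listed password is never missed (errors only go in the "rejected although not listed" direction). The class `TinyBloom`, the `measure` helper and the generated `common-N` / `unique-N` strings are constructed for illustration.

```python
import hashlib
import math


class TinyBloom:
    """Minimal Bloom filter (illustrative; not the bloom_filter package)."""

    def __init__(self, max_elements, error_rate):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hashes.
        self.m = math.ceil(-max_elements * math.log(error_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / max_elements * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd step, never zero
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def measure(n=20_000, error_rate=0.001, probes=20_000):
    """Return (false_negatives, observed_false_positive_rate, size_bytes)."""
    bloom = TinyBloom(n, error_rate)
    listed = [f"common-{i}" for i in range(n)]         # constructed "common" list
    unlisted = [f"unique-{i}" for i in range(probes)]  # constructed, never added
    for pw in listed:
        bloom.add(pw)
    false_neg = sum(pw not in bloom for pw in listed)
    false_pos = sum(pw in bloom for pw in unlisted)
    return false_neg, false_pos / probes, len(bloom.bits)


if __name__ == "__main__":
    fn, fp_rate, size = measure()
    print(f"false negatives: {fn}, false-positive rate: {fp_rate:.3%}, size: {size} bytes")
```
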

File details

Details for the file fast_password_validation-0.1.2.linux-x86_64.tar.gz.

File metadata

  • Download URL: fast_password_validation-0.1.2.linux-x86_64.tar.gz
  • Upload date:
  • Size: 53.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/41.1.0 requests-toolbelt/0.9.1 tqdm/4.30.0 CPython/3.7.5

File hashes

Hashes for fast_password_validation-0.1.2.linux-x86_64.tar.gz
Algorithm Hash digest
SHA256 ac4be31959b217872f652cbb4070d24bec14390bf3cf0f762263fd90925fb8d9
MD5 40842a3fd865cbbb72264a6122612f4e
BLAKE2b-256 060a1659063f92e58e825a2858e61679d3fbb5f39379f143e3b20e1b011c6a10


File details

Details for the file fast_password_validation-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: fast_password_validation-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 51.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/41.1.0 requests-toolbelt/0.9.1 tqdm/4.30.0 CPython/3.7.5

File hashes

Hashes for fast_password_validation-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 06d66007363a5018d85c846b089fd07bb15c7328d637ac68afabc5fa21c64b94
MD5 8131e4dfca4cef8d384ecdec7c24d9ae
BLAKE2b-256 622ce637da082e3027bcd0370c0f1a10d0f3e6793ffc1a37d7d968ef5a078d0d
