Skip to main content

No project description provided

Project description

Build Status

zxcvbn

A realistic password strength estimator.

This is a Python implementation of the library created by the team at Dropbox. The original library, written for JavaScript, can be found here.

While there may be other Python ports available, this one is the most up to date and is recommended by the original developers of zxcvbn at this time.

Features

  • Tested in Python versions 3.8-3.13

  • Accepts user data to be added to the dictionaries that are tested against (name, birthdate, etc)

  • Gives a score to the password, from 0 (terrible) to 4 (great)

  • Provides feedback on the password and ways to improve it

  • Returns time estimates on how long it would take to guess the password in different situations

Installation

Install the package using pip: pip install zxcvbn

Usage

Pass a password as the first parameter, and a list of user-provided inputs as the user_inputs parameter (optional).

from zxcvbn import zxcvbn

results = zxcvbn('JohnSmith123', user_inputs=['John', 'Smith'])

print(results)

Output:

{
    'password': 'JohnSmith123',
    'score': 2,
    'guesses': 2567800,
    'guesses_log10': 6.409561194521849,
    'calc_time': datetime.timedelta(0, 0, 5204)
    'feedback': {
        'warning': '',
        'suggestions': [
            'Add another word or two. Uncommon words are better.',
            "Capitalization doesn't help very much"
        ]
    },
    'crack_times_display': {
        'offline_fast_hashing_1e10_per_second': 'less than a second'
        'offline_slow_hashing_1e4_per_second': '4 minutes',
        'online_no_throttling_10_per_second': '3 days',
        'online_throttling_100_per_hour': '3 years',
    },
    'crack_times_seconds': {
        'offline_fast_hashing_1e10_per_second': 0.00025678,
        'offline_slow_hashing_1e4_per_second': 256.78
        'online_no_throttling_10_per_second': 256780.0,
        'online_throttling_100_per_hour': 92440800.0,
    },
    'sequence': [{
        'matched_word': 'john',
        'rank': 2,
        'pattern': 'dictionary',
        'reversed': False,
        'token': 'John',
        'l33t': False,
        'uppercase_variations': 2,
        'i': 0,
        'guesses': 50,
        'l33t_variations': 1,
        'dictionary_name': 'male_names',
        'base_guesses': 2,
        'guesses_log10': 1.6989700043360185,
        'j': 3
    }, {
        'matched_word': 'smith123',
        'rank': 12789,
        'pattern': 'dictionary',
        'reversed': False,
        'token': 'Smith123',
        'l33t': False,
        'uppercase_variations': 2,
        'i': 4,
        'guesses': 25578,
        'l33t_variations': 1,
        'dictionary_name': 'passwords',
        'base_guesses': 12789,
        'guesses_log10': 4.407866583030775,
        'j': 11
    }],
}

Another optional argument is max_length, allowing override of the default max password length of 72. .. code:: python

from zxcvbn import zxcvbn

results = zxcvbn(‘JohnSmith321’, user_inputs=[‘John’, ‘Smith’], max_length=88)

Custom Ranked Dictionaries

In order to support more languages or just add password dictionaries of your own, there is a helper function you may use.

from zxcvbn.matching import add_frequency_lists

add_frequency_lists({
    'my_list': ['foo', 'bar'],
    'another_list': ['baz']
})

These lists will be added to the current ones, but you can also overwrite the current ones if you wish. The lists you add should be in order of how common the word is used with the most common words appearing first.

CLI

You an also use zxcvbn from the command line:

echo 'password' | zxcvbn --user-input <user-input> | jq
You can include a --max-length argument::

echo ‘<long password>’ | zxcvbn –max-length 142

You can also execute the zxcvbn module:

echo 'password' | python -m zxcvbn --user-input <user-input> | jq

Contribute

License

The project is licensed under the MIT license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

zxcvbn-4.5.0.tar.gz (411.2 kB view details)

Uploaded Source

Built Distribution

zxcvbn-4.5.0-py2.py3-none-any.whl (409.4 kB view details)

Uploaded Python 2Python 3

File details

Details for the file zxcvbn-4.5.0.tar.gz.

File metadata

  • Download URL: zxcvbn-4.5.0.tar.gz
  • Upload date:
  • Size: 411.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.7

File hashes

Hashes for zxcvbn-4.5.0.tar.gz
Algorithm Hash digest
SHA256 70392c0fff39459d7f55d0211151401e79e76fcc6e2c22b61add62900359c7c1
MD5 ecc28f558901af50648dcd0cfc6dc86f
BLAKE2b-256 ae409366940b1484fd4e9423c8decbbf34a73bf52badb36281e082fe02b57aca

See more details on using hashes here.

File details

Details for the file zxcvbn-4.5.0-py2.py3-none-any.whl.

File metadata

  • Download URL: zxcvbn-4.5.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 409.4 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.7

File hashes

Hashes for zxcvbn-4.5.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 2b6eed621612ce6d65e6e4c7455b966acee87d0280e257956b1f06ccc66bd5ff
MD5 c0f22b97984431bcf83d3e91f929cf21
BLAKE2b-256 c2167410f8e714a109d43d17f4e27c8eabb351557653a9b570db1bd7dfdfd822

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page