passchk_fast - A JavaScript password strength utility based on passchk

Published on Sunday, September 19th 2010 at 2:06
Last updated on Monday, February 13th 2017 at 22:47

I have been working on a little pet project to improve the registration form for a site I am working on, and came across passchk by Tyler Akins. Thanks Tyler, it has been a great use to me. This great bit of code had the kind of functionality that I was after, but the JavaScript-based decompression routine seemed a bit slow for something to use in a registration form - I wanted something a bit more snappy. So after a couple of hours of coding, I have re-factored passchk, trading off space for speed. The common passwords file is uncompressed and stored as JSON, increasing the file size but doing away with the time required for decompression. This led to the common passwords being stored ROT13-encrypted, so that obscene common passwords do not cause the JS file to be blocked by any web filtering/firewalls. the frequency table is also stored as a JSON string, for rapid loading, in the main JS file.

I have also completely rewritten the character set size determination function to use regex instead, and made a minor tweak to the entropy calculation function to handle single character passwords more correctly. The functionality has been broken out into separate functions so that they can better be re-used. See how the final modified code behaves here (no password data is sent back to this server - all calculations are done in JavaScript from within your browser.)

Loading …

download here if you want to use it. It is licensed under the GPL3.

To learn more about password entropy and information theory, see Tyler’s excellent original page, as well as Wikipedia’s page on Password Strength.