You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 28, 2020. It is now read-only.
In addition to #15's requirement for a password strength validator, we should use a common password validator to prevent using simple passwords. The berzerk0/Probable-Wordlists repo has multiple wordlists from leaked passwords across services. By creating a bloom filter from these, we can do a two-pass validator:
Test against the bloom filter in-process in a password validator. This is a lightweight lookup but may have false positive matches.
If matching, test against an indexed wordlist, possibly with the index stored in a database.
In addition to #15's requirement for a password strength validator, we should use a common password validator to prevent using simple passwords. The berzerk0/Probable-Wordlists repo has multiple wordlists from leaked passwords across services. By creating a bloom filter from these, we can do a two-pass validator: