Implementing password strength check #1071
I am against this PR
The entropy calculation has an information-theoretical basis here, and it checks how much information the password carries relative to an incompressible string (which is what we want an ideal password to be, not an unrememberable string of special characters).
@@ -41,25 +41,25 @@ export function checkPassword(password: string): number { | |||
let pwStrength = 0; | |||
|
|||
// checks for total password len | |||
if (password.length >= 8 - 1) { | |||
if (password.length >= 7) { |
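Review bot: the threshold in `if (password.length >= 7) {` is a bare literal, and dropping the `8 - 1` form loses the only hint that it derives from a minimum of 8. Consider a named constant or the instance's configured minimum length here, with the `// checks for total password len` comment stating whether a 7-character password is meant to earn this point.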
I think these might have been hard-coded values for min and max that should have been configurable
should I add the configuration options back then?
> should I add the configuration options back then?

So far, we've tried to make as much as possible configurable by the instance owner, and I think the password policy would be no exception. But probably wait for other opinions on it.
I made a mistake with my wording, I didn't exactly remove it. See the "Files changed".
@ngn13 Your change makes the entropy calculation always return zero, which is not the desired behaviour here.
I understand that, the previous implementation did not work properly (and idk how to fix it), so I commented it out and left a to-do note so someone who knows math can implement it later.
Signed-off-by: Scott Gould <[email protected]>
This will most likely work ngn13#1 I don't have the environment to test it right now
Signed-off-by: Scott Gould <[email protected]>
Calculate entropy
I removed:
and instead implemented
Also I removed the shannon entropy calculation, I couldn't get it to work and idk math
entropy calculation now works thanks to @greysilly7
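An added example, not code from this PR or from the project: one way to compute the kind of measure discussed in the thread, the Shannon entropy of a password's character frequencies divided by the entropy of a same-length string with no repeated characters. The function names and the choice of log2(length) as the "incompressible" reference are assumptions.

```typescript
// Added example; function names are hypothetical, not the project's API.

/** Shannon entropy in bits per character, from observed character frequencies. */
function shannonBitsPerChar(password: string): number {
  const counts: Record<string, number> = Object.create(null);
  const chars = password.split(""); // UTF-16 code units
  for (let i = 0; i < chars.length; i++) {
    counts[chars[i]] = (counts[chars[i]] || 0) + 1;
  }
  let bits = 0;
  const keys = Object.keys(counts);
  for (let i = 0; i < keys.length; i++) {
    const p = counts[keys[i]] / chars.length; // relative frequency of this character
    bits -= p * (Math.log(p) / Math.LN2); // -p * log2(p)
  }
  return bits;
}

/**
 * Entropy relative to a string of the same length in which every character
 * is different (log2(length) bits per character). Result lies in [0, 1].
 * Assumption: this is the "incompressible string" reference.
 */
function relativeEntropy(password: string): number {
  if (password.length < 2) return 0; // log2(1) = 0 would divide by zero
  const ideal = Math.log(password.length) / Math.LN2;
  return shannonBitsPerChar(password) / ideal;
}
```

Because only character frequencies are counted, `abcdefgh` scores 1.0 even though it is a plain alphabetical sequence, so a score like this complements length and pattern checks and does not replace them.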