https://github.com/codahale/passpol

A Java library for validating passwords against NIST SP-800-63B requirements.

java java-8 nist800-63b password-strength


# Passpol

[![CircleCI](https://circleci.com/gh/codahale/passpol.svg?style=svg)](https://circleci.com/gh/codahale/passpol)

A Java 12 library for validating passwords against [NIST
SP-800-63B](https://pages.nist.gov/800-63-3/) requirements.

## Add to your project

```xml
<dependency>
  <groupId>com.codahale</groupId>
  <artifactId>passpol</artifactId>
  <version>0.7.0</version>
</dependency>
```

```java
module net.example.yours {
  requires com.codahale.passpol;
}
```

## Use the thing

```java
import com.codahale.passpol.BreachDatabase;
import com.codahale.passpol.PasswordPolicy;

class Example {
  void doIt() {
    final PasswordPolicy policy = new PasswordPolicy(BreachDatabase.haveIBeenPwned(5), 8, 64);

    // validate good passwords
    System.out.println(policy.check("this is a good, long password"));

    // validate bad passwords
    System.out.println(policy.check("password"));

    // convert a unicode password to a normalized byte array suitable for hashing
    final byte[] bytes = PasswordPolicy.normalize("✊🏻 unicode 🔥 password");
  }
}
```

## How it works

`PasswordPolicy` checks passwords for minimum and maximum length (i.e. the number of Unicode
codepoints in the string) and can check a set of breach databases to see if the password has been
made public.

The built-in breach databases include an offline list of 100,000 weak passwords from the [SecLists
project](https://github.com/danielmiessler/SecLists)'s collection of breached passwords.

`PasswordPolicy` also provides the means to normalize Unicode passwords into a canonical byte array
representation suitable for inputting into a password hashing algorithm like `bcrypt`.
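
The code-point length check and the normalization step described above, as an added example that is not passpol's own code and uses only the JDK. The class and method names are hypothetical, and NFKC is an assumption (one of the two forms SP 800-63B recommends); this README does not say which form passpol applies.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.text.Normalizer;
import java.util.Arrays;

public class PasswordPrep {
  // Length in Unicode code points, not UTF-16 chars (String.length()).
  static boolean withinLength(String password, int min, int max) {
    final int n = password.codePointCount(0, password.length());
    return n >= min && n <= max;
  }

  // Assumption: NFKC, then strict UTF-8 encoding.
  static byte[] toHashInput(String password) throws CharacterCodingException {
    final String nfkc = Normalizer.normalize(password, Normalizer.Form.NFKC);
    // String.getBytes() would silently replace an unpaired surrogate with '?',
    // letting distinct inputs hash alike; a reporting encoder rejects it instead.
    final ByteBuffer buf = StandardCharsets.UTF_8.newEncoder()
        .onMalformedInput(CodingErrorAction.REPORT)
        .onUnmappableCharacter(CodingErrorAction.REPORT)
        .encode(CharBuffer.wrap(nfkc));
    final byte[] out = new byte[buf.remaining()];
    buf.get(out);
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample inputs.
    final String emoji = "\uD83D\uDD25\uD83D\uDD25\uD83D\uDD25\uD83D\uDD25"; // four fire emoji
    final String composed = "caf\u00E9 au lait";    // e-acute as a single code point
    final String decomposed = "cafe\u0301 au lait"; // 'e' followed by a combining acute
    final String malformed = "abc\uD83Ddef";        // unpaired high surrogate
    try {
      // Each emoji is two UTF-16 chars but one code point, so the two counts differ.
      System.out.println("chars=" + emoji.length()
          + " passes 8..64 by code points=" + withinLength(emoji, 8, 64));
      // Same visible text typed on two keyboards: compare the raw strings, then the hash inputs.
      System.out.println("raw equal=" + composed.equals(decomposed)
          + " normalized equal=" + Arrays.equals(toHashInput(composed), toHashInput(decomposed)));
      toHashInput(malformed);
    } catch (CharacterCodingException e) {
      System.out.println("rejected malformed input: " + e);
    }
  }
}
```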

## License

Copyright © 2017-2019 Coda Hale

Distributed under the Apache License 2.0.