Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/codahale/passpol
A Java library for validating passwords against NIST SP-800-63B requirements.
java java-8 nist800-63b password-strength
- Host: GitHub
- URL: https://github.com/codahale/passpol
- Owner: codahale
- License: apache-2.0
- Archived: true
- Created: 2017-04-20T04:52:08.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2019-03-31T17:41:27.000Z (over 5 years ago)
- Last Synced: 2024-09-24T20:49:14.630Z (about 10 hours ago)
- Topics: java, java-8, nist800-63b, password-strength
- Language: Java
- Size: 615 KB
- Stars: 26
- Watchers: 6
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Passpol
[![CircleCI](https://circleci.com/gh/codahale/passpol.svg?style=svg)](https://circleci.com/gh/codahale/passpol)
A Java 12 library for validating passwords against [NIST
SP-800-63B](https://pages.nist.gov/800-63-3/) requirements.

## Add to your project

```xml
<dependency>
  <groupId>com.codahale</groupId>
  <artifactId>passpol</artifactId>
  <version>0.7.0</version>
</dependency>
```

```java
module net.example.yours {
  requires com.codahale.passpol;
}
```

## Use the thing

```java
import com.codahale.passpol.BreachDatabase;
import com.codahale.passpol.PasswordPolicy;

class Example {
  void doIt() {
    final PasswordPolicy policy = new PasswordPolicy(BreachDatabase.haveIBeenPwned(5), 8, 64);

    // validate good passwords
    System.out.println(policy.check("this is a good, long password"));

    // validate bad passwords
    System.out.println(policy.check("password"));

    // convert a unicode password to a normalized byte array suitable for hashing
    final byte[] bytes = PasswordPolicy.normalize("✊🏻 unicode 🔥 password");
  }
}
```

## How it works

`PasswordPolicy` checks passwords for minimum and maximum length (i.e. the number of Unicode
codepoints in the string) and can check a set of breach databases to see if the password has been
made public.

The built-in breach databases include an offline list of 100,000 weak passwords from the
[SecLists project](https://github.com/danielmiessler/SecLists)'s collection of breached passwords.

`PasswordPolicy` also provides the means to normalize Unicode passwords into a canonical byte array
representation suitable for inputting into a password hashing algorithm like `bcrypt`.

## License

Copyright © 2017-2019 Coda Hale
Distributed under the Apache License 2.0.
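
An added sketch of the checks described under "How it works", using only the JDK; it is not passpol's source code. The class and method names, the three-entry weak list and the choice of NFKC (one of the two normalization forms SP 800-63B allows) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.text.Normalizer;
import java.util.Arrays;
import java.util.Set;

// Illustrative sketch only; hypothetical names, not the passpol API.
public class PolicySketch {
  enum Result { OK, TOO_SHORT, TOO_LONG, BREACHED }

  // Constructed stand-in for an offline list of known weak passwords.
  static final Set<String> WEAK = Set.of("password", "12345678", "qwertyuiop");

  // Assumption: NFKC is used as the canonical form.
  static String canonical(String password) {
    return Normalizer.normalize(password, Normalizer.Form.NFKC);
  }

  // Canonical UTF-8 bytes, the input a password hash such as bcrypt would receive.
  static byte[] normalize(String password) {
    return canonical(password).getBytes(StandardCharsets.UTF_8);
  }

  static Result check(String password, int min, int max) {
    String p = canonical(password);
    // Count code points, not UTF-16 units: String.length() counts an
    // astral-plane character (most emoji) twice.
    int n = p.codePointCount(0, p.length());
    if (n < min) return Result.TOO_SHORT;
    if (n > max) return Result.TOO_LONG;
    // Compare the canonical form so compatibility variants cannot evade the list.
    return WEAK.contains(p) ? Result.BREACHED : Result.OK;
  }

  public static void main(String[] args) {
    // Seven U+1F525 characters: 14 UTF-16 units but only 7 code points.
    String emoji = "\uD83D\uDD25".repeat(7);
    System.out.println(emoji.length() + " UTF-16 units: " + check(emoji, 8, 64));
    System.out.println(check("password", 8, 64));
    // Fullwidth Latin letters spelling "password"; NFKC folds them to ASCII.
    System.out.println(check("\uFF50\uFF41\uFF53\uFF53\uFF57\uFF4F\uFF52\uFF44", 8, 64));
    // Precomposed e-acute and e + combining acute must hash identically.
    System.out.println(Arrays.equals(
        normalize("caf\u00E9 au lait"), normalize("cafe\u0301 au lait")));
    System.out.println(check("this is a good, long password", 8, 64));
  }
}
```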