Giters

codahale / passpol

A Java library for validating passwords against NIST SP-800-63B requirements.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

javajava-8password-strengthnist800-63b

Passpol

CircleCI

A Java 12 library for validating passwords against NIST SP-800-63B requirements.

Add to your project

<dependency>
  <groupId>com.codahale</groupId>
  <artifactId>passpol</artifactId>
  <version>0.7.0</version>
</dependency>
module net.example.yours {
  requires com.codahale.passpol;
}

Use the thing

import com.codahale.passpol.BreachDatabase;
import com.codahale.passpol.PasswordPolicy;

class Example {
  void doIt() {
    final PasswordPolicy policy = new PasswordPolicy(BreachDatabase.haveIBeenPwned(5), 8, 64);
    
    // validate good passwords
    System.out.println(policy.check("this is a good, long password")); 
    
    // validate bad passwords
    System.out.println(policy.check("password"));
    
    // convert a unicode password to a normalized byte array suitable for hashing
    final byte[] bytes = PasswordPolicy.normalize("✊🏻 unicode 🔥 password");
  } 
}

How it works

PasswordPolicy checks passwords for minimum and maximum length (i.e. the number of Unicode codepoints in the string) and can check a set of breach databases to see if the password has been made public.

The built-in breach databases include an offline list of 100,000 weak passwords from the SecList Project's collection of breached passwords.

PasswordPolicy also provides the means to normalize Unicode passwords into a canonical byte array representation suitable for inputting into a password hashing algorithm like bcrypt.

License

Copyright © 2017-2019 Coda Hale

Distributed under the Apache License 2.0.

About

A Java library for validating passwords against NIST SP-800-63B requirements.

javajava-8password-strengthnist800-63b

License:Apache License 2.0

Languages

Language:Java 100.0%