zxcvbn-rb
Feature/add configuration option for custom dictionaries
Description
This pull request adds a new configuration option to the Zxcvbn library, allowing users to add custom dictionaries in the form of a text file.
Changes Made
- Added a new config module
- Added spec for the config
- Added config option to the readme
I like this idea, too. I have been investigating something along these lines since the beginning.
I did not commit to this approach because I am still wondering what I can do to load the dictionaries faster, save memory after they are loaded, and release memory when there is no longer a need to keep them loaded.
I understand that these listed ideas may not be compatible with each other. I could not decide what direction to take yet, and for now I simply left the code similar to the original.
Sorry for taking that long, but I will give it a bit more thought. Maybe also add a reset/replace option, so you can get a completely fresh dictionary. I am also wondering if I should change the current dictionaries to files to be loaded and have a single interface to everything. What do you think?
@formigarafa thanks for writing back.
So right now I use your gem in a Rails app; there, I want the dictionaries to be loaded once and be kept in memory. I would not want to have to reload the dictionaries every time a request comes in; that would take too much time. But that is just my input and maybe I am shooting in a different direction.
I do see the value of a reset/reload method as we might not want to reload the whole application. Also the idea of a single interface makes a lot of sense.
If I can help out in any way let me know 🙂
I understand your point, and keeping dictionaries in memory is what the gem does atm. But I wonder if there is a middle ground, because usually only sign-ups and password changes need to check the password strength. Sign-in requests only need it if you want to get existing users with weak passwords to update their passwords. And even in that case you would not want that step to be dragged out for too long. After a good chunk of users have been marked as having a strong password, I would just erase the password of the remaining users and let them use a reset password process to set a new and strong one. The apps in general would be processing a whole lot of other requests that do not need that dictionary in memory.
@Saoma1, I feel that with PR #18 your idea of a configurable selection of dictionaries should be much easier to implement without causing any trouble to other functionalities, resetting or unloading.
@formigarafa awesome, that is great to hear & thank you for your work! I will test it out once you merge it!