zxcvbn-go icon indicating copy to clipboard operation
zxcvbn-go copied to clipboard

Published 20 hours ago verified publisher icon nbutton23

Score deviates from the coffee/javascript version

Open freman opened this issue 7 years ago • 4 comments 

./testpw Passi0n@ 'fred' 'blogs' 'johnny'
Passi0n@ [fred blogs johnny]
Score: 0

JS equiv. returns score of 1

freman avatar Apr 10 '17 07:04 freman

Facing the same issue. That golang version returns different scores then JS one. This is a problem because a password may pass validation on front end and fail at the back-end creating "what the f***" moment for a client that is impossible to justify.

dtoubelis avatar Jul 05 '17 19:07 dtoubelis

In my case my own password give a score of 3 with JS lib, and 1 with golang library ...

denouche avatar Jul 12 '17 13:07 denouche

For example 12111111AZ scores 2 using JS lib, and 0 using Golang lib ...

denouche avatar Jul 13 '17 09:07 denouche

Hi, I was also affected by this issue and after some failed attempts I came to the conclusion that this is unfortunately too difficult to achieve using the current library since the score is extremely sensitive to the way the best match sequence is found and its number of guesses is evaluated...

For those interested: I made instead a full Go port of the current coffeescript version from Dropbox, just publically available at https://github.com/trustelem/zxcvbn, that should give the exact same results as the coffeescript version.

vanackere avatar Jan 30 '18 12:01 vanackere