howsecureismypassword / hsimp Goto Github PK

Hi there,

first of all: a big thanks for including the language tools to the latest update.
Now I found a moment of time to include this new changes to my code.

I use hsimp.setPeriodDictionary(array) like the following:
hsimp.setPeriodDictionary(getLocaArray())
function getLocaArray() { return [ { "singular": GetLoca("HSIMP_E_24_S"), "plural": GetLoca("HSIMP_E_24_P"), "seconds": 1e-24 } //+ all the other entries ] }
GetLoca just returns a localized string like "yoctosecond" as string based on the entered key.

Here is the error: this works fine for all but the seconds-entry. if the returned string is different from "second" and "seconds" the whole dictionary gets broken and everything I get is "instant" or "forever" as return of the check.

Do you have an idea for the origin of this error?

These passwords:
Password
password
PAssword
PaSSword
PASSWORD
PasSWOrd

all appear as "top 5 passwords", yet there are 6 right here. Something's not right.

Are there any docs or any way in which you could change the output messages to another language?

If not are there any plans to add this feature

Would you consider adding some derivatives to the common passwords? I know lots of people enjoy this comic and I would hate to learn someone is using some derivative of that password :-)

horsebatterystaple
staplebatterycorrecthorse
...

If I use the below passwords, it shows a contradiction:

asdfghjklmnbvcxyasd is green and looks good and strong (2 billion years), meanwhile asdfghjklmnbvcxyasd4 is orange and looks worse (42 trillion years).

And there is another one:

There is a difference between the bower build and the webpage. With the above passwords:
asdfghjklmnbvcxyasd - 607 million vs 2 billion
asdfghjklmnbvcxyasd4 - 11 trillion vs 42 trillion

Would be possible to translate howsecureismypassword.net to Spanish?

I am not sure if it would be too much coding to provide other languages support, but if you provide the strings that I have to translate I can do it :)

Nice project.

https://howsecureismypassword.net/

'this is a test' = 111 thousand years
'this-is-a-test' = 30 thousand years

Or

'table book tree' = 5 million years
'table-book-tree' = 1 million years

Isn't there the same.. or even more entropy with a - ?

saya tulis sandi di web howsecureismypassword.net dan saya bandingkan dengan source code yg saya unduh. why the result is different?

Hi there first of all: thanks for the great JS! I just love it.

But it is possible to build an option to overwrite the existing messages?

I think about the texts for common or possiblyWord and also "name of the numbers". I want to make some messages shorter for my site. And for the numbers: I want to show the number in digits (is more fun to see the zeros rising).

Change the build of http://howsecureismypassword.net to embed the CSS and JS resource inside the HTML page so I can easily get the page with curl and run it locally.

Ascii symbols like "start of header" or "start of text" (or String.fromCharCode(1) / String.fromCharCode(2)) do not add any calculation time.
You could input twenty STX characters and you would get "0 YOCTOSECONDS" as the result

When beautifying the JS code of https://howsecureismypassword.net/ I get more than 11600 lines of JS code. Are we supposed to trust that?

It would be great to see a character counter somewhere (on the webpage and the bower-installed build also: next to the password field (or below)), to improve the message that a few more characters mean a great impact on password strength.

And it would be great to link the well-known https://xkcd.com/936/ through that "number" (a gamified/funny explanation is always a good choice to spread the message).

Looks like the let's encrypt certificate has expired...

If I visit https://howsecureismypassword.net and enter a password it says: It would take a computer about [enter amount of time here] to crack your password.

What kind of computer are you referring to?
Are you referring to any cheap consumer laptop?
Are you referring to high-end/gaming PCs?
Are you referring to specialized hardware?

I think it would be very interesting if you were to add such information to your website.

Knowing that some computer I don't know the specs of could crack 78432538 in 10 milliseconds is interesting. Knowing that my $1000 laptop, or my friend's $400 tablet could do it in a similar amount of time brings the whole thing very much down to Earth, I think. It makes the threat real.

Regards.

The documentation says to use options.outputText to specify a function to show the text that is output. However, the source code uses options.outputTime to output the estimated time.

I tested password "abzfe" and result was 2 hundred millisecond,
maybe is bug

A 'good' (green) password turns into an 'OK' (orange) password when adding a 'repeated pattern' (3 identical characters) to the password (it doesn't matter where, i.e. the beginning/middle/end). This doesn't seem right to me: the password still gets stronger (because longer), and definitely not weaker. A better approach might be to not take into account the repeated characters when looking at the length of the password (though some sources say it's still better to pad a password with a certain character than to use a shorter password).