JSPM

fast-password-entropy

1.0.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 47990
  • Score
    100M100P100Q167675F
  • License MIT

Calculate the entropy of a password string, but fast!

Package Exports

  • fast-password-entropy

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (fast-password-entropy) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

fast-string-entropy

Calculate the entropy bits of a string as a quick proxy to password strength.

See Entropy as a measure of password strength for more information.

Installation

$ npm install --save fast-string-entropy

Usage

const stringEntropy = require('fast-string-entropy')

console.log(stringEntropy('1234')) // 13
console.log(stringEntropy('password')) // 38

Research

Several libraries were analyzed before creating this one. Some of those are listed below, along with the drawbacks found for each one.

information-entropy: Too basic. Cannot extract charset length from the string being tested.

joi-password-complexity: Interesting but not providing raw entropy information.

passwd-strength: Values are correct but is too slow.

password-entropy: Entropy calculation is not following any standard so results are very different from other libs.

password-strength: Only giving "simple", "medium", "strong" values.

string-entropy: Provides good entropy values but is slow.

tai-password-strength: Very complex and results are not fully matching the expected results.

zxcvbn: Uses comprehensive heuristics to estimate complexity but solves a much more complex problem instead.

Benchmark

After the research, only three libraries were analyzed in detail and benchmarked. This library results are 3.5x faster than the existing libraries.

$ npm run bench

Test strings [ '',
  '8646',
  'xtcmFWoH',
  'Lp2x0P1iMEPWZKaQ',
  'escape piece useful cloth',
  'needle excitement over aloud price among',
  'topic contain anything political great thank dawn among butter doll fought end' ]

Results for `fast-string-entropy`   [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `passwd-strength`       [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `password-entropy`      [ 1, 1, 3, 10, 10, 10, 10 ]
Results for `string-entropy`        [ 0, 13, 46, 95, 118, 188, 367 ]
Results for `tai-password-strength` [ 0, 6, 24, 62, 87, 152, 312 ]

Benchmarking...
fast-string-entropy x 557,198 ops/sec ±1.27% (87 runs sampled)
passwd-strength x 1,732 ops/sec ±4.36% (81 runs sampled)
string-entropy x 143,412 ops/sec ±3.92% (83 runs sampled)
tai-password-strength x 11,590 ops/sec ±1.28% (86 runs sampled)

Fastest is fast-string-entropy

License

MIT