mikehall314/stupid-password

A library to check if your password appears in the top 10,000 most used passwords

v1.1.0 2023-06-04 08:23 UTC

This package is auto-updated.

Last update: 2024-09-04 11:02:01 UTC


README

This is a very simple library which tells you whether a password a user has chosen is stupid. "Stupid" here means that it appears among the top 10,000 most common passwords in the world, according to the OWASP project.

The passwords were compiled from various data breaches.

How to use it

use Stupid\Password;

// Returns a boolean: true if $password is on the top-10,000 list
$passwordIsStupid = Password::isStupid($password);

How it works

The library ships an internal list of SHA1 hashes of the top 10,000 passwords. When a password is tested, it is hashed with SHA1 and the resulting digest is looked up in that list; the plaintext list is never needed at runtime.
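The hashed-blocklist idea above, as an added example in PHP that is not the library's own code: a class (the name BlocklistCheck, the helper methods and the three-entry sample list standing in for the real 10,000 are all assumptions) that compiles a plaintext list into SHA1 digests, loads the digests into a set, and answers a membership query with one hash and one lookup.

```php
<?php
// Added example, not the stupid-password library's code. BlocklistCheck, its
// method names and the sample passwords are assumptions for illustration.

declare(strict_types=1);

final class BlocklistCheck
{
    /** @var array<string, true> set of lowercase SHA1 hex digests */
    private array $hashes;

    /** @param string[] $sha1Hex hex digests, one per blocked password */
    public function __construct(array $sha1Hex)
    {
        // Keys, not values: isset() is an O(1) lookup, in_array() is a linear scan.
        $this->hashes = array_fill_keys(array_map('strtolower', $sha1Hex), true);
    }

    /**
     * Build the digest file from a plaintext list, one password per line.
     * This is the offline step; only the digest file needs to ship.
     */
    public static function compile(string $plaintextFile, string $hashFile): int
    {
        $digests = [];
        foreach (file($plaintextFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $pw) {
            $digests[] = sha1($pw);
        }
        $digests = array_values(array_unique($digests));
        file_put_contents($hashFile, implode("\n", $digests) . "\n");
        return count($digests);
    }

    public static function fromFile(string $hashFile): self
    {
        return new self(file($hashFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES));
    }

    /**
     * Exact-match check. SHA1 is byte-for-byte, so "Password" and "password"
     * produce different digests and only the spelling on the list is caught.
     */
    public function isStupid(string $password): bool
    {
        return isset($this->hashes[sha1($password)]);
    }
}

// Constructed sample list standing in for the real top-10,000 file.
$sample = ['123456', 'password', 'qwerty'];
$plain  = tempnam(sys_get_temp_dir(), 'pw');
$hashed = tempnam(sys_get_temp_dir(), 'sha');
file_put_contents($plain, implode("\n", $sample) . "\n");

BlocklistCheck::compile($plain, $hashed);
$check = BlocklistCheck::fromFile($hashed);

var_dump($check->isStupid('password'));                    // exact entry from the sample list
var_dump($check->isStupid('Password'));                    // different case, different SHA1 digest
var_dump($check->isStupid('correct horse battery staple')); // not on the list at all

unlink($plain);
unlink($hashed);
```

Two points worth noting from the code: the digest file offers no confidentiality (anyone can hash the same public wordlist and match it, as the README says), it only keeps plaintext passwords out of the package; and the match is exact, so a blocklist check like this is one layer alongside a minimum-length rule, not a replacement for it.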

SHA1? Isn't that like, hella broken?

For cryptographic purposes, yes: its collision resistance is broken. But nothing here relies on that. SHA1 is nice and fast, and hashing means we can ship a list of digests instead of a load of plaintext passwords and still check a candidate with a single lookup. All we include is a bunch of SHAs.

I can just reverse the passwords from the SHAs though

Go crazy. The list is on GitHub anyway.

Doesn't it go out of date?

Sure. I'll update it from time-to-time. The last update was 4 June 2023.

License

MIT.

Author

Mike Hall (@mikehall314)