
Calculate the entropy of a password string, but fast!

autonomoussoftware/fast-password-entropy

fast-password-entropy

Calculate the entropy bits of a string as a quick proxy to password strength.

See "Entropy as a measure of password strength" for more information.

Installation

$ npm install --save fast-password-entropy

Usage

const stringEntropy = require('fast-password-entropy')

console.log(stringEntropy('1234')) // 13
console.log(stringEntropy('password')) // 38
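
The two values above are consistent with a charset-size estimate, length × log2(charset size). The following is an added example, not the package's own code: it re-implements that estimate with character-class sizes that are assumptions inferred from this README's published results, and wraps it in a hypothetical `checkPassword` gate with a constructed denylist, because the estimate alone rates 'password' at 38 bits.

```javascript
// Added example: a charset-based entropy estimate, NOT the package's source.
// Assumed class sizes, inferred from the results published in this README:
// digits 10, lowercase 26, uppercase 26, other printable ASCII (incl. space) 33.
// Characters outside printable ASCII are not counted toward the charset here.
const CLASSES = [
  { re: /[0-9]/, size: 10 },
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[ -\/:-@\[-`{-~]/, size: 33 }
]

// bits = length * log2(sum of the sizes of the classes present in the string)
function estimateEntropyBits (str) {
  const charset = CLASSES.reduce(
    (sum, c) => (c.re.test(str) ? sum + c.size : sum), 0)
  return charset === 0 ? 0 : Math.round(str.length * Math.log2(charset))
}

// Constructed sample denylist; a real deployment would load a large list.
const DENYLIST = new Set(['password', '12345678', 'qwertyuiop'])

// Hypothetical policy gate. The estimate assumes every character was picked
// at random, so it cannot tell a dictionary word from a random string of the
// same length and classes; known passwords are rejected before scoring.
function checkPassword (pw, minBits = 60) {
  if (DENYLIST.has(pw.toLowerCase())) {
    return { ok: false, reason: 'denylisted' }
  }
  const bits = estimateEntropyBits(pw)
  if (bits < minBits) {
    return { ok: false, reason: 'low-entropy', bits }
  }
  return { ok: true, bits }
}

console.log(estimateEntropyBits('password'), checkPassword('password'))
console.log(checkPassword('xtcmFWoH'))
console.log(checkPassword('Lp2x0P1iMEPWZKaQ'))
```
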

ES5 support

A transpiled version is available in es5/index.js. To use that version, require it explicitly:

var stringEntropy = require('fast-password-entropy/es5');

Research

Several libraries were analyzed before creating this one. Some of those are listed below, along with the drawbacks found for each one.

information-entropy: Too basic. It cannot extract the charset length from the string being tested.

joi-password-complexity: Interesting, but it does not provide raw entropy information.

passwd-strength: Values are correct, but it is too slow.

password-entropy: The entropy calculation does not follow any standard, so results are very different from other libraries.

password-strength: Only gives "simple", "medium" and "strong" values.

string-entropy: Provides good entropy values, but it is slow.

tai-password-strength: Very complex, and its results do not fully match the expected results.

zxcvbn: Uses comprehensive heuristics to estimate complexity, but it solves a much more complex problem.

Benchmark

After the research, only three libraries were analyzed in detail and benchmarked. This library is 3.5x faster than the existing libraries.

$ npm run bench

Test strings [ '',
  '8646',
  'xtcmFWoH',
  'Lp2x0P1iMEPWZKaQ',
  'escape piece useful cloth',
  'needle excitement over aloud price among',
  'topic contain anything political great thank dawn among butter doll fought end' ]

Results for `fast-password-entropy`   [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `passwd-strength`       [ 0, 13, 46, 95, 147, 235, 459 ]
Results for `password-entropy`      [ 1, 1, 3, 10, 10, 10, 10 ]
Results for `string-entropy`        [ 0, 13, 46, 95, 118, 188, 367 ]
Results for `tai-password-strength` [ 0, 6, 24, 62, 87, 152, 312 ]

Benchmarking...
fast-password-entropy x 557,198 ops/sec ±1.27% (87 runs sampled)
passwd-strength x 1,732 ops/sec ±4.36% (81 runs sampled)
string-entropy x 143,412 ops/sec ±3.92% (83 runs sampled)
tai-password-strength x 11,590 ops/sec ±1.28% (86 runs sampled)

Fastest is fast-password-entropy

License

MIT