passpol

Validate passwords against NIST SP-800-63B requirements.

GroupId: com.codahale
ArtifactId: passpol
Last Version: 0.7.0
Type: jar
Description: Validate passwords against NIST SP-800-63B requirements.
Project URL: https://github.com/codahale/passpol
Source Code Management: https://github.com/codahale/passpol

How to add to project

Maven

<!-- https://jarcasting.com/artifacts/com.codahale/passpol/ -->
<dependency>
    <groupId>com.codahale</groupId>
    <artifactId>passpol</artifactId>
    <version>0.7.0</version>
</dependency>

Gradle (Groovy DSL)

// https://jarcasting.com/artifacts/com.codahale/passpol/
implementation 'com.codahale:passpol:0.7.0'

Gradle (Kotlin DSL)

// https://jarcasting.com/artifacts/com.codahale/passpol/
implementation ("com.codahale:passpol:0.7.0")

Buildr

'com.codahale:passpol:jar:0.7.0'

Ivy

<dependency org="com.codahale" name="passpol" rev="0.7.0">
  <artifact name="passpol" type="jar" />
</dependency>

Grape

@Grapes(
@Grab(group='com.codahale', module='passpol', version='0.7.0')
)

SBT

libraryDependencies += "com.codahale" % "passpol" % "0.7.0"

Leiningen

[com.codahale/passpol "0.7.0"]

Dependencies

test (6)

Group / Artifact                               Type  Version
org.junit.jupiter : junit-jupiter              jar   5.4.0
org.assertj : assertj-core                     jar   3.12.1
org.quicktheories : quicktheories              jar   0.26
org.mockito : mockito-core                     jar   2.25.0
org.openjdk.jmh : jmh-core                     jar   1.21
org.openjdk.jmh : jmh-generator-annprocess     jar   1.21

Project Modules

There are no modules declared in this project.

Passpol

A Java 12 library for validating passwords against NIST SP-800-63B requirements.

Add to your project

<dependency>
  <groupId>com.codahale</groupId>
  <artifactId>passpol</artifactId>
  <version>0.7.0</version>
</dependency>

module net.example.yours {
  requires com.codahale.passpol;
}

Use the thing

import com.codahale.passpol.BreachDatabase;
import com.codahale.passpol.PasswordPolicy;

class Example {
  void doIt() {
    final PasswordPolicy policy = new PasswordPolicy(BreachDatabase.haveIBeenPwned(5), 8, 64);
    
    // validate good passwords
    System.out.println(policy.check("this is a good, long password")); 
    
    // validate bad passwords
    System.out.println(policy.check("password"));
    
    // convert a unicode password to a normalized byte array suitable for hashing
    final byte[] bytes = PasswordPolicy.normalize("✊🏻 unicode 🔥 password");
  } 
}

How it works

PasswordPolicy checks passwords for minimum and maximum length (i.e. the number of Unicode codepoints in the string) and can check a set of breach databases to see if the password has been made public.

The built-in breach databases include an offline list of 100,000 weak passwords from the SecLists project's collection of breached passwords.

PasswordPolicy also provides the means to normalize Unicode passwords into a canonical byte array representation suitable for inputting into a password hashing algorithm like bcrypt.
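
The three checks described above, as an added stand-alone sketch that does not use passpol and is not the project's code (Java 9+). The class name, the three-entry breach set and the choice of NFKC followed by UTF-8 are assumptions made for illustration; NIST SP 800-63B permits either NFKC or NFKD.

```java
import java.nio.charset.StandardCharsets;
import java.text.Normalizer;
import java.util.Arrays;
import java.util.Set;

// Added illustration, not passpol's source; all names here are hypothetical.
public class PolicySketch {
  enum Status { OK, TOO_SHORT, TOO_LONG, BREACHED }

  // Constructed stand-in for an offline list of known-breached passwords.
  static final Set<String> BREACHED = Set.of("password", "12345678", "qwertyuiop");

  // Assumption: NFKC then UTF-8, one of the forms SP 800-63B permits.
  static byte[] normalize(String password) {
    return Normalizer.normalize(password, Normalizer.Form.NFKC)
        .getBytes(StandardCharsets.UTF_8);
  }

  static Status check(String password, int minLength, int maxLength) {
    // Count code points, not UTF-16 units: characters outside the BMP
    // (most emoji) occupy two chars each and would inflate length().
    final int len = password.codePointCount(0, password.length());
    if (len < minLength) return Status.TOO_SHORT;
    if (len > maxLength) return Status.TOO_LONG;
    if (BREACHED.contains(password)) return Status.BREACHED;
    return Status.OK;
  }

  public static void main(String[] args) {
    // Constructed input: fist, skin-tone modifier, space, fire, space, "pw".
    final String emoji = "\u270A\uD83C\uDFFB \uD83D\uDD25 pw";
    System.out.println("UTF-16 units: " + emoji.length());
    System.out.println("code points:  " + emoji.codePointCount(0, emoji.length()));
    System.out.println(check(emoji, 8, 64));
    System.out.println(check("password", 8, 64));
    System.out.println(check("this is a good, long password", 8, 64));

    // The same visible password typed as precomposed vs. combining characters.
    final String composed = "caf\u00E9 au lait";
    final String decomposed = "cafe\u0301 au lait";
    System.out.println("raw bytes equal:        " + Arrays.equals(
        composed.getBytes(StandardCharsets.UTF_8),
        decomposed.getBytes(StandardCharsets.UTF_8)));
    System.out.println("normalized bytes equal: " + Arrays.equals(
        normalize(composed), normalize(decomposed)));
  }
}
```

The emoji input shows why the minimum-length check counts code points, and the last two lines show why the bytes handed to the password hash should come from the normalized form: without it, the same password entered from a different keyboard or OS can hash differently and fail verification.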

License

Copyright © 2017-2019 Coda Hale

Distributed under the Apache License 2.0.

Versions

Version
0.7.0
0.6.2
0.6.1
0.6.0
0.5.1
0.5.0
0.4.0
0.3.0
0.2.1
0.2.0
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0