Calculate Password Strength

Discussion in 'other security issues & news' started by Ramesh, Nov 11, 2003.

Thread Status:
Not open for further replies.
  1. Ramesh

    Ramesh Guest

    I'm not sure whether this is the right forum to ask the question. Anyway here is my question. I'm writing a Java program which will determine the 'password strength' for any given password. Can someone suggest me some logic on how to calculate the password strength.? Are there any standard logic which I can use to calculate password strength.? Please check the logic which I used to calculate the password strength. If you think I can add additional checks in determining the password strength, please let me know.

    Following is the simple logic I followed.

    -> A maximum of 10 points for any given password ( i.e A strong password gets 10 points )

    -> Minimum of 2 points for any passwords.

    -> If the password contains alphabets and numbers it gets 2 more points.

    -> If the password contains combination of lower case and upper case it gets 2 more points.

    -> If the password contains Special chars it gets 2 more points.

    -> If the length of the password is greater than 8 chrs it gets 2 more points.

    example :

    weak - gets 2 points.
    weak1 - gets 4 points. ( has alphabets and numbers - gets 2 more points )
    weAk1 - gets 6 points. ( has lower case and upper case - gets 2 more points )
    weAk1pwds - gets 8 points. ( > 8 chrs - gets 2 more points )
    @weAk1pwds - gets 10 points. ( has special chrs - gets 2 more points. )

    According to this logic , 'weak' is weak password and '@weAk1pwds' is strong password.

    Checking against a dictionary for words is little overhead for this kind of program. Is there a logic to check for "word like" stuff.? i.e weak (or) week (or) veek can be considered as "word like". However viak (or) wyeak (or) veekee are not "word like". If I get some general logic to decide whether the given password does not contains any "word like" stuff, I can use that to add more points for the password.

    Thanks in advance for your answers.
  2. bigc73542

    bigc73542 Retired Moderator

    Sep 21, 2003
    SW. Oklahoma
    you might look at the link don't know if it will help or not.It was about the only thing I could find on a password strengh search.
Thread Status:
Not open for further replies.