[Passfault] Collaboration

Bernardo Araujo Rodrigues bernardo at posgrad.ufg.br
Fri Aug 26 19:12:19 UTC 2016


Thanks for the quick response Mr. Morris!

I'm aware of zxcvbn. In fact, I came across Passfault in zxcvbn's GitHub
repo: https://github.com/dropbox/zxcvbn/issues/52

I'm still doing a lot of Literature Review (10+ articles still waiting on
my desk) and other stuff might come up, but one idea I had for my Master
Thesis is to write a detailed mathematical description of your
implementation of Passfault.
I wonder if there was such document available spreading the word, more
people would be able to understand what's going on under the hood, as well
as to collaborate and make it even better. OWASP could also take some
advantage from that in promoting password strength awareness.

Regarding tooling, this could be useful: https://wiki.debian.org/JavaPackage
Maybe porting the code to some other popular language could also help
improving its adoption? Maybe Python, or C++, I don't know.
Could also be a good direction for my Thesis.

Please let me know what you think about these ideas!

Thanks again!

Regards, Bernardo.


> Bernardo thanks for your interest!  The cornell article is the only
> academic paper I've read, but scholar.google.com pulled up another article
> I wasn't aware of:  http://dl.acm.org/citation.cfm?id=2493173
>
> There were a few news articles - mostly blog posts, the first from ZDNet:
> http://www.zdnet.com/article/your-passwords-dont-suck-its-your-policies/
>
> The only other tool I think that is comparable is zxcvb from dropbox:
> https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/
>  That is also worth a look.  (I like the approach of passfault a little
> better but I'm sure I'm biased)
>
> Yes we would love to have help.  I think the biggest challenge in getting
> passfault adopted is in tooling.  Its been hard for anyone other than a
> java developer to use it.  To that end I build a docker image so people
> can
> simply use it as a microservice.  That helps the front end developers but
> only half-way.  The other half is putting a javascript library in
> web-developer repositories like bower or node.
>
> To help system administrators use it, I'd love to have it integrated in
> linux and available in the linux repositories.
>
> Thanks!
>
> On Fri, Aug 26, 2016 at 9:43 AM, Bernardo Araujo Rodrigues <
> bernardo at posgrad.ufg.br> wrote:
>
>> Hi everyone, how are you?
>> My name is Bernardo Rodrigues, I am a Masters Candidate at UFG's
>> Electrical, Computer and Mechanical Engineering School, Brazil.
>>
>> My research topic is password strength.
>> After looking at several projects, I've come to the conclusion Passfault
>> is the best implementation of password strength metrics nowadays. The
>> project is really interesting!
>>
>> I just watched this presentation
>> (https://www.youtube.com/watch?v=LPTUpGGgKLk), but I'm still really
>> curious.
>>
>> I could only find one mention to Passfault by this Cornell article
>> http://arxiv.org/abs/1512.05814
>> I was wondering whether there is there any articles/publications (IEEE,
>> InfoSec, etc) about Passfault? I mean, with details about its
>> implementation, etc.
>>
>> Do you still need help with anything regarding coding or porting the
>> project to linux distros?
>>
>> Regards,
>> Bernardo Araujo Rodrigues
>>
>> Electronics Engineer | Engenheiro Eletrônico
>> Electrical and Computer Engineering Masters Candidate | Mestrando em
>> Engenharia Elétrica e de Computação.
>> Mobile | Celular: +55 62 99182-9140
>> skype: bernardoaraujor44
>>
>> _______________________________________________
>> Passfault mailing list
>> Passfault at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/passfault
>>
>


-- 

Webmail de Alunos - UFG



More information about the Passfault mailing list