[Passfault] Collaboration

Cam Morris cam.morris at owasp.org
Sat Aug 27 04:38:05 UTC 2016


Wow Ray that is fantastic!  If you can parse whats going on with the
DictionaryPatternsFinder I think that is the most complex part - I hope it
wasn't too hard.  If you check it in somewhere I'll put some links to it.
I'm working on getting passfault in the official OWASP github repository
<https://github.com/owasp>, we could put both the Java and C# projects
there.

On Aug 26, 2016 9:36 PM, "Ray Stone" <raystone1998 at earthlink.net> wrote:

> Cam/Bernardo,
>
> I was really bored last weekend and decided to convert PassFault into C# as
> a callable library (not a web service).  My original intention was more to
> understand the code than provide anything useful.  I’ve gotten 90% of the
> code converted and about half the unit tests passing. Hope to finish the
> port on Sunday.  Are either of you interested?
>
> Ray
>
> -----Original Message-----
> From: passfault-bounces at lists.owasp.org
> [mailto:passfault-bounces at lists.owasp.org] On Behalf Of Bernardo Araujo
> Rodrigues
> Sent: Friday, August 26, 2016 12:12 PM
> To: passfault at lists.owasp.org
> Subject: Re: [Passfault] Collaboration
>
> Thanks for the quick response Mr. Morris!
>
> I'm aware of zxcvbn. In fact, I came across Passfault in zxcvbn's GitHub
> repo: https://github.com/dropbox/zxcvbn/issues/52
>
> I'm still doing a lot of Literature Review (10+ articles still waiting on
> my
> desk) and other stuff might come up, but one idea I had for my Master
> Thesis
> is to write a detailed mathematical description of your implementation of
> Passfault.
> I wonder if there was such document available spreading the word, more
> people would be able to understand what's going on under the hood, as well
> as to collaborate and make it even better. OWASP could also take some
> advantage from that in promoting password strength awareness.
>
> Regarding tooling, this could be useful: https://wiki.debian.org/JavaPa
> ckage
> Maybe porting the code to some other popular language could also help
> improving its adoption? Maybe Python, or C++, I don't know.
> Could also be a good direction for my Thesis.
>
> Please let me know what you think about these ideas!
>
> Thanks again!
>
> Regards, Bernardo.
>
>
> > Bernardo thanks for your interest!  The cornell article is the only
> > academic paper I've read, but scholar.google.com pulled up another
> > article I wasn't aware of:  http://dl.acm.org/citation.cfm?id=2493173
> >
> > There were a few news articles - mostly blog posts, the first from ZDNet:
> > http://www.zdnet.com/article/your-passwords-dont-suck-its-your-policie
> > s/
> >
> > The only other tool I think that is comparable is zxcvb from dropbox:
> > https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-stren
> > gth-estimation/  That is also worth a look.  (I like the approach of
> > passfault a little better but I'm sure I'm biased)
> >
> > Yes we would love to have help.  I think the biggest challenge in
> > getting passfault adopted is in tooling.  Its been hard for anyone
> > other than a java developer to use it.  To that end I build a docker
> > image so people can simply use it as a microservice.  That helps the
> > front end developers but only half-way.  The other half is putting a
> > javascript library in web-developer repositories like bower or node.
> >
> > To help system administrators use it, I'd love to have it integrated
> > in linux and available in the linux repositories.
> >
> > Thanks!
> >
> > On Fri, Aug 26, 2016 at 9:43 AM, Bernardo Araujo Rodrigues <
> > bernardo at posgrad.ufg.br> wrote:
> >
> >> Hi everyone, how are you?
> >> My name is Bernardo Rodrigues, I am a Masters Candidate at UFG's
> >> Electrical, Computer and Mechanical Engineering School, Brazil.
> >>
> >> My research topic is password strength.
> >> After looking at several projects, I've come to the conclusion
> >> Passfault is the best implementation of password strength metrics
> >> nowadays. The project is really interesting!
> >>
> >> I just watched this presentation
> >> (https://www.youtube.com/watch?v=LPTUpGGgKLk), but I'm still really
> >> curious.
> >>
> >> I could only find one mention to Passfault by this Cornell article
> >> http://arxiv.org/abs/1512.05814
> >> I was wondering whether there is there any articles/publications
> >> (IEEE, InfoSec, etc) about Passfault? I mean, with details about its
> >> implementation, etc.
> >>
> >> Do you still need help with anything regarding coding or porting the
> >> project to linux distros?
> >>
> >> Regards,
> >> Bernardo Araujo Rodrigues
> >>
> >> Electronics Engineer | Engenheiro Eletrônico Electrical and Computer
> >> Engineering Masters Candidate | Mestrando em Engenharia Elétrica e
> >> de Computação.
> >> Mobile | Celular: +55 62 99182-9140
> >> skype: bernardoaraujor44
> >>
> >> _______________________________________________
> >> Passfault mailing list
> >> Passfault at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/passfault
> >>
> >
>
>
> --
>
> Webmail de Alunos - UFG
>
> _______________________________________________
> Passfault mailing list
> Passfault at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/passfault
>
> _______________________________________________
> Passfault mailing list
> Passfault at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/passfault
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/passfault/attachments/20160826/c2146232/attachment-0001.html>


More information about the Passfault mailing list