[Passfault] Collaboration

Bernardo Araujo Rodrigues bernardo at posgrad.ufg.br
Sat Aug 27 04:50:38 UTC 2016


Hey Ray that's really cool.
How long did that take you?

> Wow Ray that is fantastic!  If you can parse whats going on with the
> DictionaryPatternsFinder I think that is the most complex part - I hope it
> wasn't too hard.  If you check it in somewhere I'll put some links to it.
> I'm working on getting passfault in the official OWASP github repository
> <https://github.com/owasp>, we could put both the Java and C# projects
> there.
>
> On Aug 26, 2016 9:36 PM, "Ray Stone" <raystone1998 at earthlink.net> wrote:
>
>> Cam/Bernardo,
>>
>> I was really bored last weekend and decided to convert PassFault into C#
>> as
>> a callable library (not a web service).  My original intention was more
>> to
>> understand the code than provide anything useful.  I’ve gotten 90% of
>> the
>> code converted and about half the unit tests passing. Hope to finish the
>> port on Sunday.  Are either of you interested?
>>
>> Ray
>>
>> -----Original Message-----
>> From: passfault-bounces at lists.owasp.org
>> [mailto:passfault-bounces at lists.owasp.org] On Behalf Of Bernardo Araujo
>> Rodrigues
>> Sent: Friday, August 26, 2016 12:12 PM
>> To: passfault at lists.owasp.org
>> Subject: Re: [Passfault] Collaboration
>>
>> Thanks for the quick response Mr. Morris!
>>
>> I'm aware of zxcvbn. In fact, I came across Passfault in zxcvbn's GitHub
>> repo: https://github.com/dropbox/zxcvbn/issues/52
>>
>> I'm still doing a lot of Literature Review (10+ articles still waiting
>> on
>> my
>> desk) and other stuff might come up, but one idea I had for my Master
>> Thesis
>> is to write a detailed mathematical description of your implementation
>> of
>> Passfault.
>> I wonder if there was such document available spreading the word, more
>> people would be able to understand what's going on under the hood, as
>> well
>> as to collaborate and make it even better. OWASP could also take some
>> advantage from that in promoting password strength awareness.
>>
>> Regarding tooling, this could be useful: https://wiki.debian.org/JavaPa
>> ckage
>> Maybe porting the code to some other popular language could also help
>> improving its adoption? Maybe Python, or C++, I don't know.
>> Could also be a good direction for my Thesis.
>>
>> Please let me know what you think about these ideas!
>>
>> Thanks again!
>>
>> Regards, Bernardo.
>>
>>
>> > Bernardo thanks for your interest!  The cornell article is the only
>> > academic paper I've read, but scholar.google.com pulled up another
>> > article I wasn't aware of:  http://dl.acm.org/citation.cfm?id=2493173
>> >
>> > There were a few news articles - mostly blog posts, the first from
>> ZDNet:
>> > http://www.zdnet.com/article/your-passwords-dont-suck-its-your-policie
>> > s/
>> >
>> > The only other tool I think that is comparable is zxcvb from dropbox:
>> > https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-stren
>> > gth-estimation/  That is also worth a look.  (I like the approach of
>> > passfault a little better but I'm sure I'm biased)
>> >
>> > Yes we would love to have help.  I think the biggest challenge in
>> > getting passfault adopted is in tooling.  Its been hard for anyone
>> > other than a java developer to use it.  To that end I build a docker
>> > image so people can simply use it as a microservice.  That helps the
>> > front end developers but only half-way.  The other half is putting a
>> > javascript library in web-developer repositories like bower or node.
>> >
>> > To help system administrators use it, I'd love to have it integrated
>> > in linux and available in the linux repositories.
>> >
>> > Thanks!
>> >
>> > On Fri, Aug 26, 2016 at 9:43 AM, Bernardo Araujo Rodrigues <
>> > bernardo at posgrad.ufg.br> wrote:
>> >
>> >> Hi everyone, how are you?
>> >> My name is Bernardo Rodrigues, I am a Masters Candidate at UFG's
>> >> Electrical, Computer and Mechanical Engineering School, Brazil.
>> >>
>> >> My research topic is password strength.
>> >> After looking at several projects, I've come to the conclusion
>> >> Passfault is the best implementation of password strength metrics
>> >> nowadays. The project is really interesting!
>> >>
>> >> I just watched this presentation
>> >> (https://www.youtube.com/watch?v=LPTUpGGgKLk), but I'm still really
>> >> curious.
>> >>
>> >> I could only find one mention to Passfault by this Cornell article
>> >> http://arxiv.org/abs/1512.05814
>> >> I was wondering whether there is there any articles/publications
>> >> (IEEE, InfoSec, etc) about Passfault? I mean, with details about its
>> >> implementation, etc.
>> >>
>> >> Do you still need help with anything regarding coding or porting the
>> >> project to linux distros?
>> >>
>> >> Regards,
>> >> Bernardo Araujo Rodrigues
>> >>
>> >> Electronics Engineer | Engenheiro Eletrônico Electrical and
>> Computer
>> >> Engineering Masters Candidate | Mestrando em Engenharia Elétrica e
>> >> de Computação.
>> >> Mobile | Celular: +55 62 99182-9140
>> >> skype: bernardoaraujor44
>> >>
>> >> _______________________________________________
>> >> Passfault mailing list
>> >> Passfault at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/passfault
>> >>
>> >
>>
>>
>> --
>>
>> Webmail de Alunos - UFG
>>
>> _______________________________________________
>> Passfault mailing list
>> Passfault at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/passfault
>>
>> _______________________________________________
>> Passfault mailing list
>> Passfault at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/passfault
>>
>


-- 

Webmail de Alunos - UFG



More information about the Passfault mailing list