[Passfault] OWASP Passfault Roadmap

Cameron Morris cam.morris at gmail.com
Mon Apr 23 17:21:16 UTC 2012


Welcome to OWASP Passfault. In this first post to the mailing list I'd like
to outline where the project is now, and where I think it can go.

Now:  If you have a project that is in java or the JVM (Jruby, groovy, etc)
OWASP Passfault is ready to be used now.  I'd like to get some more common
used english words in a smaller dictionary.  But as it stands right now, it
will be more accurate than ANY password tool out there right now.  Look at
these code samples to see how to get up and running:
-
https://github.com/c-a-m/passfault/blob/master/core/src/com/passfault/TextAnalysis.java
-
https://github.com/c-a-m/passfault/blob/master/applet/src/com/passfault/applet/Passfaultlet.java

Soon:  If you have a non-JVM web project (php, rails, Dot-net, etc.) the
JSON passfault service is almost ready.  The JSON service takes a password
and returns the analysis.  A little bit of work and you can be up and
running.  There are three projects in this area:
-  JSON server.  Alpha.  It would be nice to have a slick configuration
file to configure dictionaries.
-  Java Applet: Alpha. This makes it so the password never leaves the
browser
-  JQuery Plugin: Needs to be built.  This would make it easy to put
Passfault into a webpage, and would be smart enough to switch between the
applet and the JSON server if the applet can't run.

Future:
- Language Ports:  In which language do you want passfault available?
- Linux/Windows: Any administrator should be able to turn on Passfault on
their boxes.
- GWT compile to Javascript.
- Whatever you want:  That is the beauty of open source.

I may be a bit conceited about this, but I sincerely believe that passfault
will be the way passwords are evaluated three years from now.  I invite you
to lead or participate in any of the above projects and help us get there.

- Cam Morris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/passfault/attachments/20120423/c7e7c813/attachment.html>


More information about the Passfault mailing list