[Passfault] Collaboration

Ray Stone raystone1998 at earthlink.net
Sat Aug 27 03:35:34 UTC 2016


I was really bored last weekend and decided to convert PassFault into C# as
a callable library (not a web service).  My original intention was more to
understand the code than provide anything useful.  I’ve gotten 90% of the
code converted and about half the unit tests passing. Hope to finish the
port on Sunday.  Are either of you interested?


-----Original Message-----
From: passfault-bounces at lists.owasp.org
[mailto:passfault-bounces at lists.owasp.org] On Behalf Of Bernardo Araujo
Sent: Friday, August 26, 2016 12:12 PM
To: passfault at lists.owasp.org
Subject: Re: [Passfault] Collaboration

Thanks for the quick response Mr. Morris!

I'm aware of zxcvbn. In fact, I came across Passfault in zxcvbn's GitHub
repo: https://github.com/dropbox/zxcvbn/issues/52

I'm still doing a lot of Literature Review (10+ articles still waiting on my
desk) and other stuff might come up, but one idea I had for my Master Thesis
is to write a detailed mathematical description of your implementation of
I wonder if there was such document available spreading the word, more
people would be able to understand what's going on under the hood, as well
as to collaborate and make it even better. OWASP could also take some
advantage from that in promoting password strength awareness.

Regarding tooling, this could be useful: https://wiki.debian.org/JavaPackage
Maybe porting the code to some other popular language could also help
improving its adoption? Maybe Python, or C++, I don't know.
Could also be a good direction for my Thesis.

Please let me know what you think about these ideas!

Thanks again!

Regards, Bernardo.

> Bernardo thanks for your interest!  The cornell article is the only 
> academic paper I've read, but scholar.google.com pulled up another 
> article I wasn't aware of:  http://dl.acm.org/citation.cfm?id=2493173
> There were a few news articles - mostly blog posts, the first from ZDNet:
> http://www.zdnet.com/article/your-passwords-dont-suck-its-your-policie
> s/
> The only other tool I think that is comparable is zxcvb from dropbox:
> https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-stren
> gth-estimation/  That is also worth a look.  (I like the approach of 
> passfault a little better but I'm sure I'm biased)
> Yes we would love to have help.  I think the biggest challenge in 
> getting passfault adopted is in tooling.  Its been hard for anyone 
> other than a java developer to use it.  To that end I build a docker 
> image so people can simply use it as a microservice.  That helps the 
> front end developers but only half-way.  The other half is putting a 
> javascript library in web-developer repositories like bower or node.
> To help system administrators use it, I'd love to have it integrated 
> in linux and available in the linux repositories.
> Thanks!
> On Fri, Aug 26, 2016 at 9:43 AM, Bernardo Araujo Rodrigues < 
> bernardo at posgrad.ufg.br> wrote:
>> Hi everyone, how are you?
>> My name is Bernardo Rodrigues, I am a Masters Candidate at UFG's 
>> Electrical, Computer and Mechanical Engineering School, Brazil.
>> My research topic is password strength.
>> After looking at several projects, I've come to the conclusion 
>> Passfault is the best implementation of password strength metrics 
>> nowadays. The project is really interesting!
>> I just watched this presentation
>> (https://www.youtube.com/watch?v=LPTUpGGgKLk), but I'm still really 
>> curious.
>> I could only find one mention to Passfault by this Cornell article
>> http://arxiv.org/abs/1512.05814
>> I was wondering whether there is there any articles/publications 
>> (IEEE, InfoSec, etc) about Passfault? I mean, with details about its 
>> implementation, etc.
>> Do you still need help with anything regarding coding or porting the 
>> project to linux distros?
>> Regards,
>> Bernardo Araujo Rodrigues
>> Electronics Engineer | Engenheiro Eletrônico Electrical and Computer 
>> Engineering Masters Candidate | Mestrando em Engenharia Elétrica e 
>> de Computação.
>> Mobile | Celular: +55 62 99182-9140
>> skype: bernardoaraujor44
>> _______________________________________________
>> Passfault mailing list
>> Passfault at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/passfault


Webmail de Alunos - UFG

Passfault mailing list
Passfault at lists.owasp.org

More information about the Passfault mailing list