Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Nov 2009
    Posts
    62
    Thanks
    9
    Thanked 0 Times in 0 Posts

    How check same letters in a password onkeyup

    I'm working on a script to check password strength "onkeyup",so when the user enters a password after every character i call a function to check the passwords strength.I'm almost ready,but i stucked with one thing:
    I want to check the same characters in the password,so i can deduct some point from the score if there are identical characters.
    Here is my code:
    PHP Code:
    var multis 0;
            for(var 
    1passLengthx++)
                {
                    
    actChar = new RegExp(password.charAt(x),"g");
                    
    multis += password.match(actChar).length;
                } 
    I know it seems an easy task,but i've spent at least 6 hours with it,(the first pitfall was that i didn't know the RegExp function and took my variables into the match() function,i think you can imagine the results)and i just can't figure this out,i always get crazy results,i've tried a few more versions as well without any luck.
    Thx in advance for anybody who can help me!

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,247
    Thanks
    203
    Thanked 2,556 Times in 2,534 Posts
    Why is the strength of the password affected if there are multiple instances of the same character?

    Pjpjpjpj is just as strong (or weak) as pjasdmdr. The strength of a password depends on the different types of characters that you use, the overall length of the password, and whether the password can be found in a dictionary. It should be at least 10 characters long.


    Code:
    <script type = "text/javascript">
    var x = "password999";
    var xArray = x.split("");
    var len = xArray.length;
    for (i = 0; i < len; i++){
    for (j = i + 1; j < len; j++) {
    if (xArray[i] == xArray[j]) {
    alert ("Duplicated character " + xArray[i]);
    xArray[i] = "***";  // dups are found only once - delete this line if not required
    }
    }
    }
    </script>
    The best way to determine password strength is to calculate the number of possible passwords based on the known parameters of the current password.

    For example, in order of increasing strength:
    5 characters, all lower case = 26 ^ 5 = 11881376.
    5 characters, mixed case = 52 ^ 5 = 130691232.
    5 characters, mixed case, numbers and symbols = 110 ^ 5 = 16105100000
    10 characters, all lower case = 26 ^ 10 = 141167095653376
    15 characters, all lower case = 26 ^ 15 = 1677259342285725925376

    As you can see, a 10 character password has many, many more possible permutations than a 5 character password, even if there are fewer possible characters for each letter of the password. This is because the exponent of the equation has much more impact than the operand on the final result. In other words, the length of the password is by far the most important factor. And a 10-character password is very much more than twice as strong as a 5-character password.

    The trouble with a password policy is, if the attacker knows that you have a particular password policy then all the policy does is to reduce the number of allowable permutations and make the attack easier!

    For instance, in the 5 character password above, let us suppose that one character must be upper case, one must be lower case, one must be a symbol and one must be a number... the fifth can be any of them. This leaves the possible combinations at 26 x 26 x 10 x 48 x 110 = 35692800. To find the number of permutations we need to multiply that number by 5! which leaves us with 4283136000 which is around a quarter of 16105100000, the original number of possible passwords if that password policy did not exist!

    So paradoxically a "strong" password with specified rules may be weaker than an unconstrained one! The strongest passwords will be the longest (largest number of characters) but without imposed constraints. It cannot make any difference if a particular character is duplicated. Indeed, such a constraint (if known to the attacker) reduces the number of permutations and so weakens the password! The simplest defence to password cracking is to limit the number of log-on attempts within a given time period - say 3 per five-minutes.


    BTW, the time to say "thanks" is afterwards, not beforehand which gives the - doubtless unintended - impression that you take other people's voluntary unpaid assistance and expertise for granted. Or as British politician Neil Kinnock put it, "Don't belch before you have had the meal." Prefer to use "please" beforehand and if you find a response helpful then you can use the "Thank User For This Post" button.

    "It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt." - Mark Twain, US humorist, novelist, short story author, & wit (1835 - 1910)
    Last edited by Philip M; 06-18-2010 at 10:38 AM.

  • Users who have thanked Philip M for this post:

    attasz (06-18-2010)

  • #3
    New Coder
    Join Date
    Nov 2009
    Posts
    62
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thank you for your help,the script works fine.The purpose to check the multiple instances,that i see people using "aaaaaa","aaaxxx" etc. passwords,i try to filter them.I check the passwords to see if they have special characters and capitals,and the length too,but that part works fine,i only got stuck at this point.BTW,you explanation is useful,i didn't know this topic that thoroughly.
    I don't get your point in this:
    BTW, the time to say "thanks" is afterwards, not beforehand which gives the - doubtless unintended - impression that you take other people's voluntary unpaid assistance and expertise for granted. Or as British politician Neil Kinnock put it, "Don't belch before you have had the meal." Prefer to use "please" beforehand and if you find a response helpful then you can use the "Thank User For This Post" button.
    As i see,a voluntary and unpaid help never can be granted,but though i make this script only for practice purposes,the above mentioned help extremely useful for me,hence i did not thought it could be a problem to thank it beforehand,on the contrary,i tried to be as polite as possible.
    But i see you're a senior member,so i'll follow you advice,and i'll avoid thank the help beforehand.
    Thanks again,have a nice day!

  • #4
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,247
    Thanks
    203
    Thanked 2,556 Times in 2,534 Posts
    Quote Originally Posted by attasz View Post
    Thank you for your help,the script works fine.The purpose to check the multiple instances,that i see people using "aaaaaa","aaaxxx" etc. passwords,i try to filter them.I check the passwords to see if they have special characters and capitals,and the length too,but that part works fine,i only got stuck at this point.BTW,you explanation is useful,i didn't know this topic that thoroughly.
    I don't get your point in this:

    As i see,a voluntary and unpaid help never can be granted,but though i make this script only for practice purposes,the above mentioned help extremely useful for me,hence i did not thought it could be a problem to thank it beforehand,on the contrary,i tried to be as polite as possible.
    But i see you're a senior member,so i'll follow you advice,and i'll avoid thank the help beforehand.
    Thanks again,have a nice day!
    I see that English is not your first language, but surely in any langauge it is impolite to say "You are a total stranger but I need some help - thanks in advance"!


    This may be useful to you:-

    Code:
    var field = "aaabcdeghjk";
    if(/^(.)\1{2,}/i.test(field)) {   //string begins with at least 3 identical characters (case insenstive)
    alert ("Three in a row at the start of the string!")

  • #5
    New Coder
    Join Date
    Nov 2009
    Posts
    62
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I see that English is not your first language
    How did you know that?
    but surely in any langauge it is impolite to say "You are a total stranger but I need some help - thanks in advance"!
    I never though of it this way,but now i see your point.
    In my view this forums are friendly communitys to help each other,so when i open a topic i do want to help to the author,and it makes the situation different from the one you described above.But i don't want to debate, i just wanted to clarify my point,i'll follow you advice.
    Thank you for the new script,i'll try to implement it to perfectly fit my purposes,i want to figure out a quick and efficient way to check the passwords' strength.
    BTW,do you know how a "dictionary check" (check the passwords against a dictionary) works?I should make my dictionary or there is any other solution?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •