Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discrepancy in password score between this version and the original package #84

Closed
TheAlexPorter opened this issue Jan 27, 2021 · 9 comments
Closed

Discrepancy in password score between this version and the original package #84

TheAlexPorter opened this issue Jan 27, 2021 · 9 comments
Labels
help wanted

Comments

@TheAlexPorter
Copy link

TheAlexPorter commented Jan 27, 2021
edited
Loading

Hi all,

I'm using zxcvbn4j on the backend and the original zxcvbn from dropbox on the front end. When I use the following example password, I get two different scores.

Password: Sigma@123

With zxcvbn4j I get 2, but with zxcvbn I get 3. If we use the demo tool, we can see that 3 is the expected score.

Any thoughts on how we can get this library to match the original version's output?
@Stephen2
Copy link

Agree 👍 replicated using 1.3.0 and 1.3.4

@vvatanabe
Copy link
Member

I'll investigate.

@TheAlexPorter
Copy link
Author

TheAlexPorter commented Feb 9, 2021
edited
Loading

Hi all, any update on this? Were you able to replicate the issue @vvatanabe?

@vvatanabe
Copy link
Member

@TheAlexPorter Yes, I able to replicate this issue. But we're still investigating the cause.

@mrFloony
Copy link

@vvatanabe, I briefly compared the processing of zxcvbn4j and zxcvbn dropbox (demo tool in https://lowe.github.io/tryzxcvbn/)
In the demo tool, the password Sigma@123 is divided into "Sigma@" ('bruteforce') and "123" ('sequence').
In the zxcvbn4j, the password is divided into "Sigma" ('dictionary') and "@123" ('spatial').

Therefore, it is not known which result from the libraries will be considered correct, since 'bruteforce' is not very suitable for dropbox.

@Emi75 Emi75 mentioned this issue May 16, 2022
Open
@Emi75
Copy link

Emi75 commented May 16, 2022
edited
Loading

We have the same issue in the latest version - dropbox/zxcvbn#320
@vvatanabe Any feedback on this issue or the project is not still mantained?
Thanks in advance.

@vvatanabe
Copy link
Member

@Emi75 Sorry, I have too much scheduled and it's hard to make time. I need some help ;D

vvatanabe added a commit that referenced this issue Aug 18, 2023
@vvatanabe
fix: improved SpatialMatcher decision logic (#84) (#129)
94e2ff3
@vvatanabe vvatanabe mentioned this issue Aug 18, 2023
Merged
vvatanabe added a commit that referenced this issue Aug 18, 2023
@vvatanabe
Merge pull request #147 from nulab/fix-the-discrepancy-in-password-sc…
91deed7 
…ores-between-zxcvbn-and-zxcvbn4j

fix: improved SpatialMatcher decision logic (#84) (#129)
@vvatanabe
Copy link
Member

@TheAlexPorter @Stephen2 @mrFloony @Emi75
Sorry for the wait! It took longer than expected, but I was able to fix this issue! Please use version 1.8.1.
https://github.com/nulab/zxcvbn4j/releases/tag/1.8.1

@Stephen2
Copy link

Thank you @vvatanabe :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Stephen2 @TheAlexPorter @vvatanabe @Emi75 @mrFloony