• Registered: 2016-07-28
  • Posts: 1,028

Topic: Password strength meter 2

Attached sample project code is provided kindly by Dmitry.


As far as I can understand it measures password strength by character count.
As a result it classifies password 22222222222222 as very strong which is not.
https://s17.postimg.org/oz74nau5r/psm2.png


Beside character count it needs to include;
♦ Lower and uppercase usage
♦ Numbers usage
♦ Special characters usage
♦ Same characters usage
in it's algorithm.


Adding above features are beyond me. Could somebody help please?

Post's attachments

Attachment icon PSM 2.ZIP 7.45 kb, 388 downloads since 2018-03-16 

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2015-12-24
  • Posts: 55

Re: Password strength meter 2

pls. see the attachment.

http://myvisualdatabase.com/forum/misc. … download=1

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

Hi nrmuduli,


Thank you for the sample project.
However, it's still the same though. Pass strength algorithm includes only characters count, rest that I mention on my post #1 is missing... So pw 22222222222222 is still classified as a very strong password while it should be classified as very weak.
Nice reporting of tested password anatomy though.

Adam
God... please help me become the person my dog thinks I am.

4 Reply by derek (edited by derek 2018-03-18 00:51:13)

  • derek
  • derek
  • Moderator
  • Offline
  • Registered: 2015-02-16
  • Posts: 2,672

Re: Password strength meter 2

Hi Adam,
Rather than try to decide whether some passwords (in your example - '2222222') are weak, medium or strong), I'd possibly put some password rules in place that simply wouldn't allow it in the first place.
I've added a couple of examples in the script of Dmitry's Password Strength Meter program - one that doesn't allow for more than 2 repeating identical characters and one that doesn't allow for a basic pattern (ie 1212 or abab or xyxy).  You could add quite few extra ones depending on how far you want to take it.
However, I imagine it would be easy enough to take what I've done and translate it into the 'weak', 'medium' or 'strong' categories.
Hope this helps,
Derek.

Post's attachments

Attachment icon PSM 2a.zip 340.81 kb, 399 downloads since 2018-03-18 

5 Reply by AD1408 (edited by AD1408 2018-03-22 11:19:51)

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

Hi Derek,


Thank you very much for the sample project........


However, I imagine it would be easy enough to take what I've done and translate it into the 'weak', 'medium' or 'strong' categories.

Tried but couldn't do it.


As far as I can see currently (sample project I've attached on post#1) it checks only the length. How can we incorporate LowerCase, UpperCase, Numbers and Symbols beside repeating characters and pattern into each category?

Adam
God... please help me become the person my dog thinks I am.

6 Reply by derek (edited by derek 2018-03-23 00:29:38)

  • derek
  • derek
  • Moderator
  • Offline
  • Registered: 2015-02-16
  • Posts: 2,672

Re: Password strength meter 2

Hi Adam,
As I understand it, Dmitry's password strength app DOES evaluate all the criteria and not just length.  The length of any password is calculated and then it's strength is rated depending on whether instances of 'lowercase', 'uppercase', 'numbers' and 'special characters' occur within that password length.
For example, Dmitry takes a password that has a length of 9 and grades it 'very strong' if it has instances of 'lowercase', 'uppercase', 'numbers' and 'special characters', downgrades it to 'strong' if it doesn't use 'special characters, downgrades it further to 'medium' if it doesn't use 'numbers' etc etc.
In incorporating 'repeating characters' and 'patterns' (see attached), I've simply downgraded the rating by 2 levels, but it's arbitrary and you could set it to whatever level you decide on.
Derek.

Post's attachments

Attachment icon PSM 2b.zip 341 kb, 402 downloads since 2018-03-23 

7 Reply by AD1408 (edited by AD1408 2018-03-23 01:44:41)

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

Hi Derek,


Thank you very much for the latest update..................


For example, Dmitry takes a password that has a length of 9 and grades it 'very strong' if it has instances of 'lowercase', 'uppercase', 'numbers' and 'special characters', downgrades it to 'strong' if it doesn't use 'special characters, downgrades it further to 'medium' if it doesn't use 'numbers' etc etc.

That's what I thought at first. I could see there were code for all those but when I entered 22222222222222 it rated as very strong? As you can see there are no instances of LowerCase, UpperCase and Symbols. Only numbers.


Your added lines stops it at Medium on repeating and patterns characters use.
However, currently I get followings:


passwords           Strength
---------------------------------------
0123456789         = Medium
01234567891       = Strong
01234567891012 = Very Strong


aabbccddee       = Medium
aabbccddeeffg   = Strong
aabbccddeeffgg = Very Strong


As you can see one contains only number and other is alphabet characters. IMHO, beside measuring the password length, repeating characters, numbers and patterns (patterns at certain degree; basic ones would be sufficient for me as you already have added in):
Medium strength password should at least contains; numbers and characters or numbers and symbols or characters and symbols with at least one upper or lower case.


Strong strength password should at least contains; numbers, characters and symbols with at least one upper or lower case.


Very Strong strength password should at least contains; numbers, characters and symbols with at least two upper or lower case.

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

Could anybody help with the above (my previous post #7) please?


Script is in Derek's post#6 ( PSM 2b.zip)

Adam
God... please help me become the person my dog thinks I am.

9 Reply by AD1408 (edited by AD1408 2018-03-28 04:04:43)

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

...
However, currently I get followings:


passwords           Strength
---------------------------------------
0123456789         = Medium
01234567891       = Strong
01234567891012 = Very Strong


aabbccddee       = Medium
aabbccddeeffg   = Strong
aabbccddeeffgg = Very Strong

...
Medium strength password should at least contains; numbers and characters or numbers and symbols or characters and symbols with at least one upper or lower case.


Strong strength password should at least contains; numbers, characters and symbols with at least one upper or lower case.


Very Strong strength password should at least contains; numbers, characters and symbols with at least two upper or lower case.


AD1408 wrote:

Could anybody help with the above (my previous post #7) please?


Script is in Derek's post#6 ( PSM 2b.zip)



Hi Dmitry,


It seems nobody else around or can help.
Could you please help?


If you could just do the;
Very Strong strength password should at least contains; numbers, characters and symbols with at least two upper or lower case.
then I'll try to apply it strong and medium.


Here is the full script:

function StrengthMeter(sPassword: string): string;
var
LowerCase, UpperCase, Numbers, Symbols, Repeating, Pattern: boolean;
iLength, i: integer;

begin
LowerCase := False;
UpperCase := False;
Numbers   := False;
Symbols   := False;
Repeating := False;
Pattern   := False;

iLength := Length(sPassword);

for i := 1 to iLength do     // looks for the same character being repeated more than twice
   if ((ord(sPassword[i])) = (ord(sPassword[i+1]))) and ((ord(sPassword[i])) = (ord(sPassword[i+2]))) then Repeating := true;

for i := 1 to iLength do     // looks for a 2 digit recurring pattern (ie 121212 or ababab etc)
   if ((ord(sPassword[i])) = (ord(sPassword[i+2]))) and ((ord(sPassword[i+1])) = (ord(sPassword[i+3]))) then Pattern := true;

for i := 1 to iLength do
   if (ord(sPassword[i]) >= 97) and (ord(sPassword[i]) <= 122) then LowerCase := True;

for i := 1 to iLength do
   if (ord(sPassword[i]) >= 65) and (ord(sPassword[i]) <= 90) then UpperCase := True;

for i := 1 to iLength do
   if (ord(sPassword[i]) >= 48) and (ord(sPassword[i]) <= 57) then Numbers := True;

for i := 1 to iLength do
   if not((ord(sPassword[i]) >= 97) and (ord(sPassword[i]) <= 122)) and
      not((ord(sPassword[i]) >= 65) and (ord(sPassword[i]) <= 90)) and
      not((ord(sPassword[i]) >= 48) and (ord(sPassword[i]) <= 57)) then Symbols := True;

   if iLength <= 4 then result := 'Very weak';
   if (iLength >=5) and (iLength <=6) then
      begin
      if LowerCase and UpperCase and Numbers and Symbols then result := 'Medium'
      else if LowerCase and UpperCase and Numbers then result := 'Weak'
      else if LowerCase and UpperCase then result := 'Weak'
      else result := 'Very weak';
      if Repeating or Pattern then result := 'Very weak';
      end;

   if (iLength >=7) and (iLength <=8) then
      begin
      if LowerCase and UpperCase and Numbers and Symbols then result := 'Strong'
      else if LowerCase and UpperCase and Numbers then result := 'Medium'
      else if LowerCase and UpperCase then result := 'Weak'
      else result := 'Weak';
      if Repeating or Pattern then result := 'Weak';
      end;

    if (iLength >=9) and (iLength <=10) then
       begin
       if LowerCase and UpperCase and Numbers and Symbols then result := 'Very Strong'
       else if LowerCase and UpperCase and Numbers then result := 'Strong'
       else if LowerCase and UpperCase then result := 'Medium'
       else result := 'Medium';
       if Repeating or Pattern then result := 'Weak';
       end;

    if (iLength >=11) and (iLength <=13) then
       begin
       if LowerCase and UpperCase and Numbers and Symbols then result := 'Very Strong'
       else if LowerCase and UpperCase and Numbers then result := 'Very Strong'
       else if LowerCase and UpperCase then result := 'Strong'
       else result := 'Strong';
       if Repeating or Pattern then result := 'Weak';
       end;

    if (iLength >=14) then
       begin
       if Repeating or Pattern then result := 'Medium'
       else result := 'Very Strong';
       end;
 end;



procedure Form1_Edit1_OnChange (Sender: string; vdup: string);
begin
Form1.Label1.Caption := StrengthMeter(Form1.Edit1.Text);

//Clearing strengt panel when password field is empty
if not (Form1.Edit1.text = '') then
   begin
   Form1.pnStrength.Visible := true;
   end else
   begin
   Form1.pnStrength.Visible := false;
   end;

// Coloring the strengt panel according the strength label text
if Form1.Label1.Caption = 'Very weak' then
   begin
   Form1.pnStrength.Color := clRed; // Very weak
   end;

if Form1.Label1.Caption = 'Weak' then
   begin
   Form1.pnStrength.Color := $0000009F; // Weak
   end;

if Form1.Label1.Caption = 'Medium' then
   begin
   Form1.pnStrength.Color := $000074DD; // Medium
   end;

if Form1.Label1.Caption = 'Strong' then
   begin
   Form1.pnStrength.Color := $00C08000; // Strong
   end;

if Form1.Label1.Caption = 'Very Strong' then
   begin
   Form1.pnStrength.Color := $0000A800; // Very Strong
   end;
end;



begin

end.
Adam
God... please help me become the person my dog thinks I am.
  • derek
  • derek
  • Moderator
  • Offline
  • Registered: 2015-02-16
  • Posts: 2,672

Re: Password strength meter 2

Adam,
This comes at it from a slightly different direction.
I give a basic weighting to key elements of  'uppercase', 'lowercase', 'numbers' and 'symbols' and keep a running total of which element has been used and which hasn't (I haven't scripted to look for whether an element is used more than once but you could code for it and presumably reflect it in the weighting). 
I then incrementally increase the running total based on the overall length of the password (length still has to be taken into account, imho).
I then make any deductions based on issues such as detected patterns, repeated sequences etc (again, it's up to you what you want to try and trap).
But the weighting and the calculation  - indeed, the whole topic of what constitutes a 'good' password, is totally arbitrary.
I've left the character count and the running score visible on the form to make testing easier.
Derek.

Post's attachments

Attachment icon PSM 2c.zip 340.36 kb, 399 downloads since 2018-03-28 

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

Hi Derek,


Thank you very much for the latest update............
Your kind help always appreciated...........


However, it still is not there.
It still says very strong for just typing numbers without any other type of characters. i.e. 12345678908754098654321235678899654 is classified as very strong which is not. Counting length is needed but it's not enough.


For me password classified as very strong should contains at least; 2 different uppercase, 2 different lowercase characters, 2 different numbers and 2 different symbols. If these are missing then it shouldn't classify the password as very strong regardless how many hundredths of numbers or alphabet characters it includes.


Unfortunately, script is beyond my understanding atm.

for i := 1 to iLength do     // looks for lower case
        if (ord(sPassword[i]) >= 97) and (ord(sPassword[i]) <= 122) then LowerCase := True;

All I can understand from the above script is; look for the length and if length is as specified lowerCase is true. What happens if there is no lowerCase, which is not defined? Is ord stands for order?

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2014-11-13
  • Posts: 370

Re: Password strength meter 2

Hello!  AD1408
See this example of a password generator.
You can change the encryption

Post's attachments

Attachment icon password.rar 298.55 kb, 418 downloads since 2018-03-29 

Domebil

domebil's Website

  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

Hi domebil,


Thank you very much for the password generator example......
I already have a good password generator coded by EHW.
I'm trying to get a script that measures entered password strength properly. Your example same as what's posted here inrespect of password strength measurement.

It still says very strong for just typing numbers without any other type of characters. i.e. 12345678908754098654321235678899654 is classified as very strong which is not. Counting length is needed but it's not enough.


For me password classified as very strong should contains at least; 2 different uppercase, 2 different lowercase characters, 2 different numbers and 2 different symbols. If these are missing then it shouldn't classify the password as very strong regardless how many hundredths of numbers or alphabet characters it includes.


Unfortunately, script is beyond my understanding atm.

....
All I can understand from the above script is; look for the length and if length is as specified lowerCase is true. What happens if there is no lowerCase, which is not defined? Is ord stands for order?

Adam
God... please help me become the person my dog thinks I am.
  • Registered: 2016-07-28
  • Posts: 1,028

Re: Password strength meter 2

AD1408 wrote:

...
However, currently I get followings:


passwords           Strength
---------------------------------------
0123456789         = Medium
01234567891       = Strong
01234567891012 = Very Strong


aabbccddee       = Medium
aabbccddeeffg   = Strong
aabbccddeeffgg = Very Strong

...
Medium strength password should at least contains; numbers and characters or numbers and symbols or characters and symbols with at least one upper or lower case.


Strong strength password should at least contains; numbers, characters and symbols with at least one upper or lower case.


Very Strong strength password should at least contains; numbers, characters and symbols with at least two upper or lower case.


AD1408 wrote:

Could anybody help with the above (my previous post #7) please?


Script is in Derek's post#6 ( PSM 2b.zip)



Hi Dmitry,


It seems nobody else around or can help.
Could you please help?


If you could just do the;
Very Strong strength password should at least contains; numbers, characters and symbols with at least two upper or lower case.
then I'll try to apply it strong and medium.


Here is the full script:

function StrengthMeter(sPassword: string): string;
var
LowerCase, UpperCase, Numbers, Symbols, Repeating, Pattern: boolean;
iLength, i: integer;

begin
LowerCase := False;
UpperCase := False;
Numbers   := False;
Symbols   := False;
Repeating := False;
Pattern   := False;

iLength := Length(sPassword);

for i := 1 to iLength do     // looks for the same character being repeated more than twice
   if ((ord(sPassword[i])) = (ord(sPassword[i+1]))) and ((ord(sPassword[i])) = (ord(sPassword[i+2]))) then Repeating := true;

for i := 1 to iLength do     // looks for a 2 digit recurring pattern (ie 121212 or ababab etc)
   if ((ord(sPassword[i])) = (ord(sPassword[i+2]))) and ((ord(sPassword[i+1])) = (ord(sPassword[i+3]))) then Pattern := true;

for i := 1 to iLength do
   if (ord(sPassword[i]) >= 97) and (ord(sPassword[i]) <= 122) then LowerCase := True;

for i := 1 to iLength do
   if (ord(sPassword[i]) >= 65) and (ord(sPassword[i]) <= 90) then UpperCase := True;

for i := 1 to iLength do
   if (ord(sPassword[i]) >= 48) and (ord(sPassword[i]) <= 57) then Numbers := True;

for i := 1 to iLength do
   if not((ord(sPassword[i]) >= 97) and (ord(sPassword[i]) <= 122)) and
      not((ord(sPassword[i]) >= 65) and (ord(sPassword[i]) <= 90)) and
      not((ord(sPassword[i]) >= 48) and (ord(sPassword[i]) <= 57)) then Symbols := True;

   if iLength <= 4 then result := 'Very weak';
   if (iLength >=5) and (iLength <=6) then
      begin
      if LowerCase and UpperCase and Numbers and Symbols then result := 'Medium'
      else if LowerCase and UpperCase and Numbers then result := 'Weak'
      else if LowerCase and UpperCase then result := 'Weak'
      else result := 'Very weak';
      if Repeating or Pattern then result := 'Very weak';
      end;

   if (iLength >=7) and (iLength <=8) then
      begin
      if LowerCase and UpperCase and Numbers and Symbols then result := 'Strong'
      else if LowerCase and UpperCase and Numbers then result := 'Medium'
      else if LowerCase and UpperCase then result := 'Weak'
      else result := 'Weak';
      if Repeating or Pattern then result := 'Weak';
      end;

    if (iLength >=9) and (iLength <=10) then
       begin
       if LowerCase and UpperCase and Numbers and Symbols then result := 'Very Strong'
       else if LowerCase and UpperCase and Numbers then result := 'Strong'
       else if LowerCase and UpperCase then result := 'Medium'
       else result := 'Medium';
       if Repeating or Pattern then result := 'Weak';
       end;

    if (iLength >=11) and (iLength <=13) then
       begin
       if LowerCase and UpperCase and Numbers and Symbols then result := 'Very Strong'
       else if LowerCase and UpperCase and Numbers then result := 'Very Strong'
       else if LowerCase and UpperCase then result := 'Strong'
       else result := 'Strong';
       if Repeating or Pattern then result := 'Weak';
       end;

    if (iLength >=14) then
       begin
       if Repeating or Pattern then result := 'Medium'
       else result := 'Very Strong';
       end;
 end;



procedure Form1_Edit1_OnChange (Sender: string; vdup: string);
begin
Form1.Label1.Caption := StrengthMeter(Form1.Edit1.Text);

//Clearing strengt panel when password field is empty
if not (Form1.Edit1.text = '') then
   begin
   Form1.pnStrength.Visible := true;
   end else
   begin
   Form1.pnStrength.Visible := false;
   end;

// Coloring the strengt panel according the strength label text
if Form1.Label1.Caption = 'Very weak' then
   begin
   Form1.pnStrength.Color := clRed; // Very weak
   end;

if Form1.Label1.Caption = 'Weak' then
   begin
   Form1.pnStrength.Color := $0000009F; // Weak
   end;

if Form1.Label1.Caption = 'Medium' then
   begin
   Form1.pnStrength.Color := $000074DD; // Medium
   end;

if Form1.Label1.Caption = 'Strong' then
   begin
   Form1.pnStrength.Color := $00C08000; // Strong
   end;

if Form1.Label1.Caption = 'Very Strong' then
   begin
   Form1.pnStrength.Color := $0000A800; // Very Strong
   end;
end;


begin

end.

Dmitry,
anything?

Adam
God... please help me become the person my dog thinks I am.