Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 10+ billion breached accounts
Home Page: https://pw-pwnage-protection.glitch.me/
License: MIT License
I notice that in the demo you are checking the API with every keystroke above 5 characters. I think the API should only be called after the minimum number of characters is reached, and only after the typing is finished (so debounce to .3s or so).
I'd suggest 8 for the minimum number of characters to check, as that's the absolute low end of password length among all the security standards and recommendations I've ever read. It seems that there just isn't any such thing as a secure 6-character password.
As for the debounce: AFAIK k-anon protects against disclosing passwords by transmitting only a portion of the hash; but if you transmit that portion on each keystroke, wouldn't that be pretty easy for a bad actor (e.g. MITM, Evil Troy Hunt, etc.) to reconstruct? Even starting with five characters, that's still only tens of billions of possibilities for the most common characters, which means it would be possible for an attacker to start out with a sha1 hashes for all common combos of 5 characters, and then add a character and compare each subsequent hash. I'm not sure about this, but that is why I'm thinking that debouncing is desirable / necessary.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
