Repeated combining diacritics cause unexpected zero score #12
Comments
Hi, our handling of non-ASCII passwords is indeed not ideal. The bug might be either in repeatMatch or in the way we compute the scoring... Both parts should probably be rewritten to work on runes (but the rewrite is probably not trivial). Out of curiosity: have you tried running this test with the "upstream" dropbox zxcvbn library? I'm curious about the result.
Hi! It seems the dropbox zxcvbn node package gives a score of 4 for both strings I used in the description:

```json
{
  "requires": true,
  "lockfileVersion": 1,
  "dependencies": {
    "zxcvbn": {
      "version": "4.4.2",
      "resolved": "https://registry.npmjs.org/zxcvbn/-/zxcvbn-4.4.2.tgz",
      "integrity": "sha1-KOwXzwl0PtyrBW3dixsGJizHPDA="
    }
  }
}
```
When a combining diacritic character is repeated in consecutive runes, the `PasswordStrength` function gives a score of 0. For example the string below where the \u0300 rune appears twice after the initial A:

However, if the repeated combining characters are at the end of the string the score is still high:

I've not been able to look into this very deeply but disabling the `repeatMatch` in `Omnimatch` results in a score of 4.
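The rune-versus-byte indexing concern raised in the comments, as an added Go example that is not code from this project or from dropbox zxcvbn: a rune-based repeat scanner that records each run in both rune indices and byte offsets, run on a constructed password. `Run` and `RepeatedRuns` are hypothetical names, and the example does not claim to reproduce the cause of the reported score.

```go
package main

import "fmt"

// Run is a maximal run of one repeated rune, located in both index spaces.
type Run struct {
	Rune               rune
	Count              int
	RuneStart, RuneEnd int // rune indices, end exclusive
	ByteStart, ByteEnd int // byte offsets into the string, end exclusive
}

// RepeatedRuns scans s rune by rune and returns every run of length >= 2.
func RepeatedRuns(s string) []Run {
	var runs []Run
	var cur Run
	runeIdx := 0
	flush := func(byteEnd int) {
		if cur.Count >= 2 {
			cur.RuneEnd, cur.ByteEnd = runeIdx, byteEnd
			runs = append(runs, cur)
		}
	}
	for bytePos, r := range s { // range decodes UTF-8; bytePos is a byte offset
		if cur.Count > 0 && r == cur.Rune {
			cur.Count++
		} else {
			flush(bytePos)
			cur = Run{Rune: r, Count: 1, RuneStart: runeIdx, ByteStart: bytePos}
		}
		runeIdx++
	}
	flush(len(s))
	return runs
}

func main() {
	pw := "A\u0300\u0300bc" // constructed sample: A followed by U+0300 twice
	for _, r := range RepeatedRuns(pw) {
		fmt.Printf("U+%04X x%d runes[%d:%d] bytes[%d:%d]\n",
			r.Rune, r.Count, r.RuneStart, r.RuneEnd, r.ByteStart, r.ByteEnd)
		// Slicing with byte offsets yields the whole repeated token.
		fmt.Printf("byte-offset slice: %q\n", pw[r.ByteStart:r.ByteEnd])
		// Using rune indices as byte offsets cuts the token short.
		fmt.Printf("rune-index slice:  %q\n", pw[r.RuneStart:r.RuneEnd])
	}
}
```

Each U+0300 is two bytes in UTF-8, so the two index spaces diverge as soon as the first combining mark is passed; a matcher and a scorer that disagree on which space an index belongs to will disagree on the token.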