NirmalKBandara/Password-Strength-Analyzer

Password Strength Analyzer

A Python-based desktop application that analyzes the strength of passwords and checks if they have been compromised in data breaches.

Description

This application helps users evaluate the security of their passwords. It calculates password strength based on character composition (uppercase, lowercase, numbers, symbols) and queries the Have I Been Pwned (HIBP) API securely (using SHA-1 hashing and the k-Anonymity model) to determine if the password has appeared in any known public data breaches.

Features

  • Graphical User Interface (GUI): A user-friendly interface built with tkinter.
  • Strength Analysis: Analyzes password strength based on length, uppercase/lowercase letters, digits, and special characters.
  • Breach Detection: Checks the password against compromised password databases using the Have I Been Pwned API securely.
  • Common Password Check: Verifies if the password is among the list of commonly used weak passwords.

Technologies Used

  • Python 3.x
  • Tkinter (Standard Python GUI library)
  • Requests (For handling HTTP API calls)
  • Hashlib (For the SHA-1 password hashing that the HIBP range lookup is keyed on)
  • RegEx (Regular expressions for pattern matching)
  • Docker (For containerization)

File Structure

  • App.py: The main entry point of the application. It handles the Tkinter GUI and manages background threads for API calls to prevent the UI from freezing.
  • product1.py: Contains core functions for analyzing the structural strength of the password (e.g., counting uppercase letters, lowercase letters, etc.).
  • product2.py: Handles secure password hashing and communication with the Have I Been Pwned API to check for breaches.
  • commonpwd.txt: A local text file containing a large dataset of commonly used and easily guessable passwords.
  • Dockerfile & requirements.txt: Configuration files for running the app within a Docker container.

Installation & Setup

  1. Clone the repository:

    git clone https://github.com/nirmalkbandara/password-strength-analyzer.git
    cd password-strength-analyzer
  2. Install the required packages. Ensure you have Python installed. You can install all dependencies via requirements.txt:

    pip install -r requirements.txt
  3. Run the application locally. Execute the main application file:

    python App.py

Running with Docker (Windows)

Since this is a GUI application (Tkinter), running it in Docker on Windows requires an X Server (like VcXsrv).

  1. Install VcXsrv and run XLaunch.

    • Choose "Multiple windows"
    • "Start no client"
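    • Check "Disable access control" (Important). With access control disabled, any host that can reach the X server can connect to it, so keep VcXsrv limited to private networks in Windows Firewall.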
  2. Build the Docker Image:

    docker build -t password-analyzer .
  3. Run the Container (Replace <Your-IP> with your Windows machine's local IPv4 address):

    docker run -it --rm -e DISPLAY=<Your-IP>:0.0 password-analyzer

Privacy & Security

This application does not send your plain text password over the internet. It uses the k-Anonymity model designed by Have I Been Pwned:

  1. The password is hashed locally using SHA-1.
  2. Only the first 5 hexadecimal characters of the hash are sent to the API.
  3. The API returns the list of hash suffixes that share that prefix, each with a breach count, and the application verifies locally whether the rest of the full hash matches any of them.
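
The three steps above as a sketch. This is an added example, not the code in product2.py. It uses urllib instead of Requests so it has no dependencies, and `split_hash`, `fetch_range`, `breach_count`, `fake_fetch` and `sent` are hypothetical names, with `fake_fetch` returning constructed data so the example runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # HIBP range endpoint


def split_hash(password):
    """Step 1: hash locally; return the 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Step 2: only the prefix leaves the machine. Add-Padding asks the API
    to pad the response so its size reveals less about the prefix."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch=fetch_range):
    """Step 3: match our suffix against the SUFFIX:COUNT lines locally."""
    prefix, suffix = split_hash(password)
    for line in fetch(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # blank or malformed line
        if candidate.strip().upper() == suffix:
            return int(count)  # padding entries carry a count of 0
    return 0


# Constructed stand-in for the API (not real HIBP data) so this runs offline.
sent = []  # records everything that would have gone over the network


def fake_fetch(prefix):
    sent.append(prefix)
    known_prefix, known_suffix = split_hash("password")
    if prefix != known_prefix:
        return "A" * 35 + ":0\r\n"
    return "\r\n".join(["0123456789ABCDEF0123456789ABCDEF012:3",
                        known_suffix + ":42",   # constructed count
                        "A" * 35 + ":0"])       # padding-style entry


if __name__ == "__main__":
    for pw in ("password", "constructed-unlisted-passphrase"):
        print(pw, breach_count(pw, fetch=fake_fetch), sent[-1])
```

Calling `breach_count(pw)` without the `fetch` argument performs the real lookup. The `sent` list shows that the 5-character prefix is the only value handed to the network layer.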

Implementation

To see how I implemented it, code by code, go to the link below.

Contributions, issues, and feature requests are welcome!
