Use CharSequence not String as input type for Zxcvbn.measure #64
…harSequence. This gives a lot more flexibility in what format the password can be in. The Strength object that is returned also now has a wipe() method to clear sensitive content. This patch also attempts to avoid using Strings for any sensitive intermediate objects.
…harSequence. Adding WipeableString class that was missed from previous commit.
This patch resolves issue #31.
I'd be interested to know whether the changes to DictionaryGuess.uppercaseVariations are safe. I've switched from regular expression matching strings to comparing characters, as I believe that the code was just counting upper & lower case characters. However, I'm not 100% convinced that the new code has exactly the same results as the old code in all possible cases. Does it matter?
Functionally, I think this also covers what JavaPortTest and MeasureTest cover, so those tests may now be redundant.
@SteveLeach-Keytree I think there is no problem switching from regular expression matching strings to character comparisons. Please take a moment to review. Thanks.
Sorry, I'm not that familiar with the GitHub PR workflow. What exactly would you like me to review?
Hi @vvatanabe - could you clarify what I need to review, and if there is anything else I need to do to get this PR merged?
While waiting for this PR to be merged I thought I might as well investigate and fix issue #49, so that is now also covered by this PR.
Are there any other maintainers who can merge this?
Is this project dead now?
@SteveLeach-Keytree
Thanks for the PR. I was very happy to see this has been implemented in 1.3.0. I was just about to make a PR myself, when I stumbled upon the new release 😄 |
Issue 31 - change parameter type for Zxcvbn.measure() from String to CharSequence.
This gives a lot more flexibility in what format the password can be in.
The Strength object that is returned also now has a wipe() method to clear sensitive content.
This patch also attempts to avoid using Strings for any sensitive intermediate objects.
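Why a CharSequence parameter and a wipe() step matter to a caller, as an added example that is not code from this PR or from zxcvbn4j: a password held in a char[] can be zeroed after use, which an immutable String cannot. `WipeableChars` and `countUpper` are hypothetical names; `countUpper` is only a stand-in for a consumer that inspects characters directly instead of building Strings.

```java
import java.util.Arrays;

// Added illustration; WipeableChars and countUpper are hypothetical names,
// not classes or methods from zxcvbn4j.
public class CharSequencePasswordDemo {
    /** A CharSequence view over a char[] that the caller can zero after use. */
    static final class WipeableChars implements CharSequence {
        private final char[] buf;
        private final int start, end;
        WipeableChars(char[] buf) { this(buf, 0, buf.length); }
        private WipeableChars(char[] buf, int start, int end) {
            this.buf = buf; this.start = start; this.end = end;
        }
        @Override public int length() { return end - start; }
        @Override public char charAt(int i) {
            if (i < 0 || i >= length()) throw new IndexOutOfBoundsException();
            return buf[start + i];
        }
        // Views share the backing array (no copy), so one wipe() clears all of them.
        @Override public CharSequence subSequence(int s, int e) {
            if (s < 0 || e > length() || s > e) throw new IndexOutOfBoundsException();
            return new WipeableChars(buf, start + s, start + e);
        }
        // Departs from the CharSequence.toString() contract on purpose: no String copy of the secret.
        @Override public String toString() { return "WipeableChars[length=" + length() + "]"; }
        // Zeroes the whole backing array, including the caller's reference to it.
        void wipe() { Arrays.fill(buf, '\0'); }
    }

    /** Stand-in consumer: reads characters one by one, never allocating a String. */
    static int countUpper(CharSequence password) {
        int n = 0;
        for (int i = 0; i < password.length(); i++) {
            if (Character.isUpperCase(password.charAt(i))) n++;
        }
        return n;
    }

    public static void main(String[] args) {
        char[] typed = {'C', 'o', 'r', 'r', 'e', 'c', 't', 'H', '0', 'r', 's', 'e'}; // constructed sample
        WipeableChars pw = new WipeableChars(typed);
        try {
            System.out.println("uppercase chars: " + countUpper(pw));
        } finally {
            pw.wipe(); // always clear the secret, even if the consumer throws
        }
        System.out.println("first char after wipe is NUL: " + (typed[0] == '\0'));
    }
}
```

Any intermediate copy a consumer makes (a String, a substring, a regex match) escapes this wipe, which is why the description above also mentions avoiding Strings for sensitive intermediate objects.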