PERSONAL PROJECT

Password Strength Analyzer (Python CLI)

Password strength analyzer — entropy, regex, HaveIBeenPwned (Python CLI)

Context

A command-line tool that rigorously evaluates password strength without ever transmitting the password in plain text. Built as a security-focused personal project to explore Python's regex engine, entropy math, and privacy-preserving API design.

The tool runs interactively in the terminal, masks input at the prompt, and produces a full structured report in one pass.

What I built

Entropy calculation based on character-pool size and password length (bits), with a 0–100 composite score.
Regex-based pattern detection: repeated characters, numeric/alphabetic sequences, keyboard walks (qwerty/azerty), embedded years, and long digit runs.
Dictionary matching against a curated list of 30+ common passwords and base words.
Crack-time estimation at three attack speeds (10k/s, 1M/s, 1B/s) using the full search-space formula.
HaveIBeenPwned integration using the k-anonymity model: only the first 5 characters of the SHA-1 hash are sent to the API — the actual password never leaves the machine.
ANSI-colored terminal output with a progress bar, per-criterion checklist, and actionable improvement suggestions.

Key technical choices

Entropy model: log₂(pool^length) — character-pool aware
HIBP privacy: k-anonymity — only 5-char SHA-1 prefix sent
Pattern engine: 9 compiled regex rules (RE_REPEAT, RE_SEQ_NUM, RE_KEYBOARD…)
Score range: 0–100 with length, complexity, entropy bonuses & penalties
Dependencies: stdlib only (re, hashlib, math, getpass) + optional requests

Run it

# No install needed — stdlib only (requests optional for HIBP)
python password_checker.py

Screenshots