← Back to projects
PERSONAL PROJECT
Password Strength Analyzer (Python CLI)
Password strength analyzer — entropy, regex, HaveIBeenPwned (Python CLI)
Context
Personal security-focused CLI tool: rigorously evaluates password strength without ever transmitting the password in plain text. Built to explore Python's regex engine, entropy mathematics, and privacy-preserving API design (HaveIBeenPwned k-anonymity). Runs interactively in the terminal and produces a full structured report in one pass.
Features Built
- Entropy calculation: log₂(pool^length) character-pool-aware — composite 0–100 score
- 9 compiled regex rules: repeated chars, numeric/alphabetic sequences, keyboard walks (qwerty/azerty), embedded years
- Dictionary matching against 30+ common passwords and base words
- Crack-time estimation at 3 attack speeds (10k/s, 1M/s, 1B/s)
- HaveIBeenPwned integration via k-anonymity: only the first 5 SHA-1 chars sent to the API — the password never leaves the machine
- ANSI-colored terminal output with progress bar, per-criterion checklist and improvement suggestions
Stack & Technologies
- Python 3 stdlib — re, hashlib (SHA-1), math, getpass (input masking)
- Compiled regex — 9 rules (RE_REPEAT, RE_SEQ_NUM, RE_KEYBOARD...)
- HIBP k-anonymity — only 5-char SHA-1 prefix sent to the API
- requests (optional) — HaveIBeenPwned API call
- ANSI escape codes — colored output and terminal progress bar
- Zero mandatory dependencies — runs on stdlib alone
How It Works
- 1Secure inputgetpass.getpass() used to mask password entry in the terminal — never displayed in plain text.
- 2Entropy & scoreCharacter pool detected (lowercase, uppercase, digits, special). Entropy computed: log₂(pool^length). Composite 0–100 score with length and complexity bonuses.
- 3Pattern analysis9 compiled regex rules applied: repetitions, sequences, keyboard walks, embedded years. Each detected pattern penalizes the score.
- 4HIBP checkSHA-1 hash of the password computed. Only the first 5 characters sent to the HIBP API (k-anonymity). Response analyzed for breach detection — password never revealed.
- 5
Key Technical Choices
log₂(pool^length)
Entropy model
Character-pool aware
k-anonymity
HIBP privacy
Only 5 SHA-1 chars sent
9 regex rules
Pattern engine
RE_REPEAT, RE_SEQ_NUM, RE_KEYBOARD...
0–100
Score
Length, complexity, entropy bonuses + penalties
Zero required
Dependencies
stdlib only (requests optional)
Screenshots