在 Python 中构建密码强度检查器

360影视 2025-01-01 06:38 3

摘要:def check_password_strength(password: str) -> tuple[int, list[str]]: """ Check password strength and return score and Feedback. Ar

让我们创建一个密码强度检查器,它不仅仅是简单的字符计数。我们将从基本检查开始,然后构建一个可在实际应用程序中使用的综合解决方案。

def check_password_strength(password: str) -> tuple[int, list[str]]: """ Check password strength and return score and Feedback. Args: password: The password to check Returns: tuple: (score out of 10, list of feedback messages) """ score = 0 feedback = # Check minimum length if len(password) >= 8: score += 2 else: feedback.append("Password should be at least 8 characters long") # Check for numbers if any(char.isdigit for char in password): score += 2 else: feedback.append("Add some numbers") # Check for uppercase letters if any(char.isupper for char in password): score += 2 else: feedback.append("Add uppercase letters") # Check for lowercase letters if any(char.islower for char in password): score += 2 else: feedback.append("Add lowercase letters") # Check for special characters special_chars = "!@#$%^&*_+-={}|;:,.?" if any(char in special_chars for char in password): score += 2 else: feedback.append("Add special characters") # If no feedback was given, password is strong if not feedback: feedback.append("Password is strong") return score, feedback# Example usagetest_passwords = [ "password123", "Password123!", "abc123", "SuperSecure2023!",]for password in test_passwords: score, feedback = check_password_strength(password) print(f"\nPassword: {password}") print(f"Score: {score}/10") print("Feedback:", "\n- ".join([''] + feedback))

这个基本检查器:
- 对密码进行 10 分
- 检查最小长度
- 验证字符种类
- 提供具体的改进反馈

让我们增强我们的检查器以查找常见模式和弱点:

import refrom typing import List, Tupleclass PasswordChecker: def __init__(self): # Common password patterns to check against self.common_patterns = [ r'123', r'abc', r'qwerty', r'password', r'admin', r'letmein' ] # Common character substitutions self.substitutions = { 'a': ['@', '4'], 'i': ['1', '!'], 'e': ['3'], 's': ['$', '5'], 'o': ['0'], 't': ['7'], } def _check_patterns(self, password: str) -> List[str]: """Check for common patterns in password""" feedback = lower_pass = password.lower # Check for common patterns for pattern in self.common_patterns: if pattern in lower_pass: feedback.append(f"Contains common pattern: {pattern}") # Check for repeated characters for i in range(len(password)-2): if password[i] * 3 in password: feedback.append(f"Contains repeated character: {password[i]}") break # Check for keyboard patterns keyboard_rows = [ 'qwertyuiop', 'asdfghjkl', 'zxcvbnm' ] for row in keyboard_rows: for i in range(len(row)-2): if row[i:i+3].lower in lower_pass: feedback.append("Contains keyboard pattern") break return feedback def _check_substitutions(self, password: str) -> List[str]: """Check for common character substitutions""" feedback = lower_pass = password.lower for char, subs in self.substitutions.items: for sub in subs: if sub in password and char not in password: feedback.append( f"Using common substitution: '{sub}' for '{char}'" ) return feedback def check_strength(self, password: str) -> Tuple[int, List[str]]: """ Comprehensive password strength check Args: password: Password to check Returns: Tuple of (score, feedback list) """ score = 0 feedback = # Length checks if len(password) >= 12: score += 3 elif len(password) >= 8: score += 2 feedback.append("Consider using a longer password") else: feedback.append("Password is too short") # Character variety checks has_upper = any(c.isupper for c in password) has_lower = any(c.islower for c in password) has_digit = any(c.isdigit for c in password) has_special = any(not c.isalnum for c in password) varieties = sum([has_upper, has_lower, has_digit, has_special]) score += varieties * 2 if not has_upper: feedback.append("Add uppercase letters") if not has_lower: feedback.append("Add lowercase letters") if not has_digit: feedback.append("Add numbers") if not has_special: feedback.append("Add special characters") # Pattern checks pattern_feedback = self._check_patterns(password) if pattern_feedback: score = max(0, score - len(pattern_feedback)) feedback.extend(pattern_feedback) # Substitution checks sub_feedback = self._check_substitutions(password) if sub_feedback: score = max(0, score - len(sub_feedback)) feedback.extend(sub_feedback) # Final score adjustments score = min(10, score) # Cap at 10 if not feedback: feedback.append("Password is strong") return score, feedback# Example usagechecker = PasswordCheckertest_passwords = [ "password123", "P@ssw0rd", "qwerty123", "Tr0ub4dour&3", "abc123!!!", "SuperSecure2023!",]print("Password Strength Analysis:")for password in test_passwords: score, feedback = checker.check_strength(password) print(f"\nPassword: {password}") print(f"Score: {score}/10") print("Feedback:", "\n- ".join([''] + feedback))

此高级检查器添加:
- 常见模式检测
- 键盘模式检查
- 字符替换分析
- 更细致的评分
- 详细的反馈消息

Entropy 有助于测量密码随机性和不可预测性:

import mathfrom collections import Counterclass EnhancedPasswordChecker(PasswordChecker): def __init__(self): super.__init__ self.min_entropy = 60 # Minimum recommended entropy def calculate_entropy(self, password: str) -> float: """ Calculate password entropy in bits. Higher entropy = more random = stronger password. """ # Count character frequencies char_counts = Counter(password) length = len(password) # Calculate probability of each character probabilities = [count / length for count in char_counts.values] # Calculate Shannon entropy entropy = -sum(p * math.log2(p) for p in probabilities) # Multiply by password length for total entropy return entropy * length def get_character_space(self, password: str) -> int: """Calculate possible character combinations""" has_lower = any(c.islower for c in password) has_upper = any(c.isupper for c in password) has_digit = any(c.isdigit for c in password) has_special = any(not c.isalnum for c in password) space = 0 if has_lower: space += 26 # a-z if has_upper: space += 26 # A-Z if has_digit: space += 10 # 0-9 if has_special: space += 32 # Common special characters return space def check_strength(self, password: str) -> tuple[int, list[str], dict]: """ Enhanced password strength check with entropy Returns: tuple: (score, feedback, detailed_stats) """ score, feedback = super.check_strength(password) # Calculate entropy entropy = self.calculate_entropy(password) char_space = self.get_character_space(password) # Adjust score based on entropy if entropy import hashlibfrom typing import Optionalimport osclass PasswordDatabase: def __init__(self, common_passwords_file: Optional[str] = None): """Initialize with optional path to common passwords file""" self.password_hashes = set # Load some basic common passwords if no file provided if common_passwords_file is None: self._load_basic_passwords else: self._load_from_file(common_passwords_file) def _load_basic_passwords(self): """Load a small set of very common passwords""" common = [ 'password', '123456', 'qwerty', 'letmein', 'admin', 'welcome', 'monkey', 'dragon' ] for password in common: self.add_password(password) def _load_from_file(self, filename: str): """Load passwords from a file""" if os.path.exists(filename): with open(filename, 'r', encoding='utf-8') as f: for line in f: self.add_password(line.strip) def add_password(self, password: str): """Add a password hash to the database""" password_hash = hashlib.sha256( password.encode('utf-8') ).hexdigest self.password_hashes.add(password_hash) def is_compromised(self, password: str) -> bool: """Check if password is in database""" password_hash = hashlib.sha256( password.encode('utf-8') ).hexdigest return password_hash in self.password_hashesclass SecurityPasswordChecker(EnhancedPasswordChecker): def __init__(self): super.__init__ self.password_db = PasswordDatabase def check_variants(self, password: str) -> list[str]: """Check common variations of the password""" variants = # Add original password variants.append(password) # Add lowercase variant variants.append(password.lower) # Add common number suffixes variants.extend([password + str(i) for i in range(100)]) # Add common character substitutions pwd_chars = list(password) for i, char in enumerate(pwd_chars): if char.lower in self.substitutions: for sub in self.substitutions[char.lower]: new_pwd = pwd_chars.copy new_pwd[i] = sub variants.append(''.join(new_pwd)) return variants def check_strength(self, password: str) -> tuple[int, list[str], dict]: """ Check password strength including common password database """ score, feedback, stats = super.check_strength(password) # Check original password and variants variants = self.check_variants(password) compromised_variants = for variant in variants: if self.password_db.is_compromised(variant): compromised_variants.append(variant) if compromised_variants: score = max(0, score - 3) feedback.append( "Password or common variants found in database of compromised passwords" ) # Add security checks to stats stats['variants_checked'] = len(variants) stats['compromised_variants'] = len(compromised_variants) return score, feedback, stats# Example usagechecker = SecurityPasswordCheckerprint("Security Analysis of Passwords:")test_passwords = [ "MyP@ssw0rd2023", "correcthorsebatterystaple", "letmein123", "Kj3#mN9$pQ5&vX"]for password in test_passwords: score, feedback, stats = checker.check_strength(password) print(f"\nPassword: {password}") print(f"Score: {score}/10") print("Feedback:", "\n- ".join([''] + feedback)) print("\nSecurity Statistics:") for key, value in stats.items: print(f"- {key}: {value}")

此增强版本包括:
- 香农熵计算
- 字符空间分析
- 通用密码数据库
- 变体检查
- 详细的安全统计数据

此实现的主要功能:
- 通过熵测量真正的随机性
- 检查常见密码列表
- 考虑密码变体
- 提供全面的安全指标
- 提供可操作的反馈

记得:
- 高分并不能保证安全
- 考虑特定的用例要求
- 定期更新常用密码数据库
- 平衡安全性与可用性
- 使用各种密码类型进行全面测试

这些工具将帮助您创建一个强大的密码检查系统,在捕获常见安全问题的同时为用户提供有意义的反馈。

来源:自由坦荡的湖泊AI一点号

相关推荐