This is slightly off-topic, but since most of the users on this list deal with security, I thought someone might be able to help. I'm looking for a smart password validation implementation to draw inspiration from. Even better if it calculates password strength.
I'm not expecting it to perfectly meet my needs, so it doesn't need to be a packaged jar file or anything. I'm just looking for some code that does some intelligent password checks, perhaps including length, presence of upper/lowercase letters, presence of alpha and numeric characters, presence of symbols, dictionary checks, and so forth. I don't want to make something so restrictive that my users have to write their password on something to remember it, but I do want to rule out stupid passwords like "password", "pass1234", etc.

I'm using Hibernate Validator, and am building a custom ConstraintValidator to verify that the supplied password is deemed "strong" enough. So the validator will calculate a "password strength" of 0 to 100% and return valid if the strength is X% or higher (maybe 80%?). If the password is lower, then the validator fails and it returns the calculated strength in the ConstraintViolation object so it could be used by my UI.

I'm implementing something simple right now, but if any useful code exists, it would be nice to check it out. Thanks in advance!

Tauren
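
One way to build the validator described in the post, as an added example that is not part of the original message and not code from Hibernate Validator. It assumes the `javax.validation` (Bean Validation) API is on the classpath; the annotation name `StrongPassword`, its `min` attribute, the `COMMON` list and every score weight are hypothetical choices.

```java
import java.lang.annotation.*;
import java.util.*;
import javax.validation.*;

// Hypothetical names: StrongPassword, min, COMMON. The weights are assumptions, not a standard.
@Target({ElementType.FIELD, ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = StrongPasswordValidator.class)
@interface StrongPassword {
    String message() default "Password is too weak";
    Class<?>[] groups() default {};
    Class<? extends Payload>[] payload() default {};
    int min() default 80; // required strength, 0-100
}

public class StrongPasswordValidator implements ConstraintValidator<StrongPassword, String> {
    // Constructed sample list; a real check would load a large common-password list.
    private static final Set<String> COMMON = Set.of("password", "pass1234", "letmein", "qwerty");
    private int min;

    @Override
    public void initialize(StrongPassword annotation) {
        min = annotation.min();
    }

    @Override
    public boolean isValid(String value, ConstraintValidatorContext ctx) {
        if (value == null) return true; // leave null checks to @NotNull
        int strength = score(value);
        if (strength >= min) return true;
        // Only the numeric score goes into the template: templates are interpolated,
        // so user-supplied text such as the password itself must never be concatenated in.
        ctx.disableDefaultConstraintViolation();
        ctx.buildConstraintViolationWithTemplate("Password strength " + strength + "% is below " + min + "%")
           .addConstraintViolation();
        return false;
    }

    // Returns 0-100: length dominates so long passphrases pass without forced symbols.
    static int score(String pw) {
        String lower = pw.toLowerCase(Locale.ROOT);
        if (COMMON.contains(lower)) return 0;                        // exact dictionary hit
        int score = Math.min(pw.length(), 20) * 4;                   // length: up to 80
        if (pw.chars().anyMatch(Character::isLowerCase)) score += 5;
        if (pw.chars().anyMatch(Character::isUpperCase)) score += 5;
        if (pw.chars().anyMatch(Character::isDigit)) score += 5;
        if (pw.chars().anyMatch(c -> !Character.isLetterOrDigit(c))) score += 5;
        if (COMMON.stream().anyMatch(lower::contains)) score /= 2;   // dictionary word embedded
        return score;
    }
}
```

With these weights "password" and "pass1234" score 0, "Password1!" scores 27 because it embeds a listed word, and a 20-character lowercase passphrase scores 85.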
