Metadata-Version: 2.1
Name: fast-password-validation
Version: 0.1.2
Summary: Drop-in replacement for Django's CommonPasswordValidator with 4x speed and ⅓ memory usage
Home-page: https://git.sr.ht/~kravietz/django-fast-common-passwords-validator
Author: Paweł Krawczyk
Author-email: pawel.krawczyk@hush.com
License: GPLv3
Keywords: django,password,validation
Platform: UNKNOWN
Classifier: Framework :: Django :: 3.0
Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.5
Classifier: Development Status :: 4 - Beta
Classifier: Topic :: Security
Description-Content-Type: text/markdown
Requires-Dist: Django
Requires-Dist: bloom-filter

[![builds.sr.ht status](https://builds.sr.ht/~kravietz/django-fast-common-passwords-validator.svg)](https://builds.sr.ht/~kravietz/django-fast-common-passwords-validator?)

# FastCommonPasswordValidator
A faster drop-in replacement for Django built-in
[CommonPasswordValidator](https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#enabling-password-validation).
With the default password list it has 4x lookup speed gain and 30% memory savings
and these results will be even better with larger password lists.

Validate whether the password is a listed common password. By default, will use built-in list of 20k
common  passwords (lowercase and deduplicated) by
[Royce Williams](https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7). If called with
a file name, it will load passwords one-per-line and use for subsequent checks.

## Why?

The original class loads a static list of 20k passwords into memory and scans through it each time it's called, which is...
far from being optimal. From Django maintainers point of view it has one advantage: it does not require 
any extra dependencies, which was the main reason that class was included into the default Django distribution
while [this wasn't](https://github.com/django/django/pull/11840) and is available as an extra module.

## Compiling your own password list

Initialize a new Bloom filter from your data:

```python
from bloom_filter import BloomFilter
import pathlib

approx_number_of_lines = 20_000 # or whatever your file has
bloom = BloomFilter(max_elements=approx_number_of_lines, error_rate=0.001)

with pathlib.Path('mypasswords.txt').open() as f:
    for line in f.readlines():
        line = line.strip()
        if len(line.strip()) > 0 and not line.startswith('#'):
            bloom.add(line)

# test if it works
'password77' in bloom # should be True
'PLWmV6Zh3viv' in bloom # should be False (but see on false positives below)
```
And dump it as a file using [pickle](https://docs.python.org/3/library/pickle.html) module:
```python
import pickle
with open('myawesomepasswords.dat') as f:
    pickle.dump(f, bloom)
```

## False positives

Bloom filter is a probabilistic structure. The filter is by default configured for 0.001 (0.1%) error rate which
means on 1000 checks in will falsely report 1 password on average as "common" even if it was not in the original
list. In practical applications it's not really a hill to die on, and it might actually bump the respect for your
prophetic skills among the users.


