zxcvbn VS prs

Compare zxcvbn vs prs and see what are their differences.

zxcvbn

Low-Budget Password Strength Estimation (by dropbox)
Suggest topics
Source Code
usenix.org
Suggest alternative
Edit details

prs

🔐 A secure, fast & convenient password manager CLI using GPG and git to sync. (by timvisee)
Pass Rust CLI Git Gpg HacktoberFest
Source Code
gitlab.com
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
zxcvbn prs
59 7
14,682 193
0.5% -
0.0 7.2
2 months ago about 2 months ago
CoffeeScript Rust
MIT License GNU General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

zxcvbn

Posts with mentions or reviews of zxcvbn. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-01-17.
  • Show HN: A lightweight PHP library for checking password strength
    2 projects | news.ycombinator.com | 17 Jan 2024
    Lightweight is an understatement here.

    A client's project (with not necessarily technical customers) has had pretty reasonable success using the Dropbox originated library[1] for this, `zxcvbn`[2], on both frontend via js (for "instant" feedback) and on the backend via php (to enforce the requirements when writing password hashes to the database)

    1: https://dropbox.tech/security/zxcvbn-realistic-password-stre...

    2: https://github.com/dropbox/zxcvbn

  • Zxcvbn: Low-Budget Password Strength Estimation – Usenix (2016)
    1 project | news.ycombinator.com | 5 Sep 2023
  • I updated our famous password table for 2023
    1 project | /r/coolguides | 18 Apr 2023
    use zxcvbn to check your password strength more thoroughly
  • I hope the common password whitelisters at Microsoft still get therapy benefits to share the unobfuscated language they were subjected to.
    1 project | /r/ProgrammerHumor | 5 Apr 2023
    source if anyone wants the whole list https://github.com/dropbox/zxcvbn/blob/master/data/passwords.txt
  • How long can a password be with the new login system?
    1 project | /r/runescape | 1 Apr 2023
    Password strength is evaluated based on the zxcvbn library.
  • How hard could it be? Sorting words alphabetically in Rust
    2 projects | /r/rust | 23 Mar 2023
    In contrast, let's consider the password "zxcvbn214". How might we assign an entropy to this password? Is it 369? Or 266 * 103? Anyone familiar with a QWERTY keyboard or Dropbox's password strength estimator knows that "zxcvbn" is hardly a random sequence of letters. This same principle applies to "l33t" speak, e.g. replacing all "e"s with 3s and "a"s with 4s. These strategies may "trick" simple entropy calculations into estimating a high entropy, but it won't trick sophisticated attackers. This leads to strength over-estimation, which is, I argue, the worst thing we can do in this context.
  • Zxcvbn: Low-Budget Password Strength Estimation
    1 project | news.ycombinator.com | 17 Feb 2023
  • TIL There's Another YAML
    2 projects | news.ycombinator.com | 16 Feb 2023
    > except for ZXCVBN

    You mean the Low-Budget Password Strength Estimator?

    https://github.com/dropbox/zxcvbn

    Yeah, that name is totally legit.

  • Which tool can crack this password so fast?
    3 projects | /r/Bitwarden | 12 Feb 2023
    For any part of the password that the zxcvbn cannot match to a known pattern, it uses a brute-force cardinality of 10, i.e., it estimates that the number of guesses required to crack a password or password segment of length N is equal to 10N (equivalent to the number of guesses required to exhaust all possibilities if your password consisted only of numbers).
  • Bitwarden Design Flaw
    5 projects | news.ycombinator.com | 23 Jan 2023
    We took a similar approach to passphrase stretching in EnvKey[1] v1 (EnvKey is a secrets manager, not a passwords manager, but uses end-to-end encryption in a similar way). We used PBKDF2 with iterations set a bit higher than the currently recommended levels, as well as Dropbox's zxcvbn lib to try to identify and block weak passphrases.

    Ultimately, I think it's just not good enough. Even if you're updating iteration counts automatically (which is clearly not a safe assumption, and to be fair not something we did in EnvKey v1 either), and even with safeguards against weak passphrases, using human-generated passphrases as a single line of defense is just fundamentally weak.

    That's why in EnvKey v2, we switched to primarily using high entropy device-based keys--a lot like SSH private keys, except that on Mac and Windows the keys get stored in the OS keychain rather than in the file system. Also like SSH, a passphrases can optionally be added on top.

    The downside (or upside, depending how you look at it) is that new devices must be specifically granted access. You can't just log in and decrypt on a new device with only your passphrase. But the security is much stronger, and you also avoid all this song and dance around key stretching iterations.

    1 - https://github.com/envkey/envkey

    2 - https://github.com/dropbox/zxcvbn

prs

Posts with mentions or reviews of prs. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-09-25.
  • Bitwarden: Free, open-source password manager
    20 projects | news.ycombinator.com | 25 Sep 2023
    I created `prs` which solves a lot of painpoints I had with pass and other clients.

    It is compatible with pass and uses the very same store.

    https://github.com/timvisee/prs

  • Bitwarden Design Flaw
    5 projects | news.ycombinator.com | 23 Jan 2023
    Thanks for mentioning prs [1], dev here! :)

    Yes it definitely meets those requirements, being written in Rust, supporting pass, TOTP, Tombs amongst other things.

    Though its CLI is a bit different than classic pass. That is on purpose in fact, to achieve a better UX and less ambiguous commands.

    [1]: https://github.com/timvisee/prs

  • Are we yeet yet?
    4 projects | /r/rust | 20 Apr 2021
    prs has a hidden yeet to throw secrets/passwords away:
  • Pass: The standard Unix password manager
    22 projects | news.ycombinator.com | 13 Apr 2021
    I've developed `prs` as `pass` alternative with many annoyances fixed for daily use. It provides automatic syncing between multiple devices through git, supports multiple keys and many other things. It simply uses your existing `pass` store.

    Some might find it useful: https://github.com/timvisee/prs

  • Wayland in 2021
    2 projects | /r/linux | 17 Mar 2021
    I've added Wayland (clipboard) support to prs recently. It's a pass compatible client like gopass.
  • Lastpass free limits to single device from March 16
    12 projects | news.ycombinator.com | 16 Feb 2021
    Terminal gurus might like what I've been working on lately:

    https://github.com/timvisee/prs

    Free and open-source, keep control in your own hands, forever. Encryption with gpg, sync with git. Compatible with pass, which means better support and easy migration.

What are some alternatives?

When comparing zxcvbn and prs you can also consider the following projects:

SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

gopass - The slightly more awesome standard unix password manager for teams

monkeytype - The most customizable typing website with a minimalistic design and a ton of features. Test yourself in various modes, track your progress and improve your speed.

Retroactive - Retroactive only receives limited support. Run Aperture, iPhoto, and iTunes on macOS Sonoma, macOS Ventura, macOS Monterey, macOS Big Sur, and macOS Catalina. Xcode 11.7 on macOS Mojave. Final Cut Pro 7, Logic Pro 9, and iWork ’09 on macOS Mojave or macOS High Sierra.

keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

passforios - Pass for iOS - an iOS client compatible with Pass command line application.

dumb-password-rules - A compilation of sites with dumb password rules.

Pass4Win - Windows version of Pass (http://www.passwordstore.org/)

Next.js - The React Framework

pass-otp - A pass extension for managing one-time-password (OTP) tokens

Material UI - Ready-to-use foundational React components, free forever. It includes Material UI, which implements Google's Material Design.

git-cli - A git CLI tool which can initialize a repository, add files, and commit files.

zxcvbn vs SecLists prs vs gopass zxcvbn vs monkeytype prs vs Retroactive zxcvbn vs keepassxc prs vs passforios zxcvbn vs dumb-password-rules prs vs Pass4Win zxcvbn vs Next.js prs vs pass-otp zxcvbn vs Material UI prs vs git-cli