PHP_passwdqc_check is a PHP port of passwdqc-check.c, by Eric Helvey https://twitter.com/helvdog/status/308958348647206913 @solardiz Just wrote PHP version of passwdqc-check.c usable as a AJAX password strength checker. Interested in the code? <@solardiz> @helvdog Yes, I'd like to take a look at your PHP version of passwdqc-check.c usable as a AJAX password strength checker. Thanks! <@helvdog> @solardiz https://github.com/helver/PHP_passwdqc_check Be gentle. My ego is fragile. <@solardiz> @helvdog Thanks! Are the pass/fail results from your PHP code meant to always match those of passwdqc_check.c? What testing did you perform? <@helvdog> @solardiz My testing was not thorough. Mostly eyeballs and small samples. Do you have a test suite with results that I could run against? <@solardiz> @helvdog You may also run both C and PHP on randomly generated strings for a long while and spot any different results <@helvdog> @solardiz *grin* Yeah... I can do that. gonna take awhile though. The PHP code is not fast... <@solardiz> @helvdog How fast is your code, e.g. in ms to check a typical good password on a modern CPU core with current versions of PHP? <@helvdog> @solardiz I'm going to find out... GenPhrase is based on passwdqc's pwqgen program, by Timo H https://github.com/timoh6/GenPhrase https://packagist.org/packages/genphrase/genphrase http://timoh6.github.io/2014/08/20/GenPhrase-security-bug-bounties.html