Tag Archive: javascript


PassCrunch

As an exercise to teach myself the basics of regular expressions in JavaScript I decided to implement a small function I called passCrunch to check how secure a password is. I implemented it based on the following principles:

  • First of all, check for a list of well-known easy to break passwords to foil a dictionary attack, and reject it if it’s there.
  • Then check that it’s at least 8 characters, and reject it if it’s not.
  • Then implement a counter to measure how secure it is by various checks.
  • Then add to the rating if it’s more than 12 characters.
  • Add to the rating if it contains lowercase letters.
  • Add to the rating if it contains uppercase letters.
  • Add to the rating if it contains numbers.
  • Add to the rating if it contains nonalphanumeric characters.
  • Finally, convert the result to a percentage score and return it as an integer.

The finished article’s available here as a .zip file if you’d like to use it, or just take a look at the code. Be warned, it’s quite long due to the fact that the list of insecure passwords I used had in excess of 3,000 entries in it! It includes a very simple HTML form which will allow you to submit a function and will return a score for it via an alert() dialogue. Feel free to use it if you wish!

Having recently completed the Database Design Methodology part of my course, I’ve now moved onto the next part, which is JavaScript Fundamentals. It’s quite an interesting topic since unlike HTML and CSS, JavaScript is a proper programming language (OK, technically it’s a scripting language, but it’s not merely a markup language like HTML), so I’m quite enjoying it.

However, I’m a little disappointed with the quality of the training materials for the course (CIW JavaScript Fundamentals). It was published in 2003, and recommends the use of Windows ME or Windows 2000, and Internet Explorer 5.5 or later, or Netscape Navigator 4.0 or later. Now, IE5.5 was released in July 2000, making it a few months shy of a decade old, a staggering length of time for the web. Netscape Navigator is even older, dating back to June 1997! Of those two browsers, IE5.5 now has a miniscule market share, and Netscape Navigator isn’t actively developed at all anymore (although Mozilla Firefox is built off the same code base).

Given that in the last few years Internet Explorer has been rapidly losing market share, and developers are doing things with JavaScript that we couldn’t dream of five years ago, you’d hope the course would cover the more interesting and powerful things we can do with JavaScript today, such as AJAX, Greasemonkey scripts or third-party libraries such as jQuery. Instead, I’m stuck with form validation (OK, fair enough, need to learn that), manipulating frames (seriously, frames? When was the last time you even saw a framed website? They’re ugly and a pain to use) and pop-up windows.

Personally I’m more than willing to take up the slack myself by studying independently, but I’m sure there are plenty of people who wouldn’t do so until they reach the workplace. Admittedly, the fundamentals of the language haven’t changed, but there’s plenty of stuff that’s of very little use today that I’ve had to learn when I could be learning something more useful.

So surely these texts are long overdue for a refresh? I would hope that a newer release would cover at least some of the following:

  • At least one third-party JavaScript library, such as script.aculo.us or jQuery.
  • Writing Greasemonkey scripts (which is a very good way of learning more about JavaScript).
  • Creating a simple AJAX application.
  • Using a JavaScript debugger such as Firebug.

I really don’t think there’s any excuse for the training materials being that outdated when some of their other CIW training materials are much more current.