And since the thread was moved, I can't click "Resolved", but please do know Brad Jones that your hard work is appreciated!! 
Password complexity calculator
7 months later
$ret = PasswordComplexity( 'zM4(g:Il' );
echo $ret;
echo '<br>';
echo strlen($ret);
I like this script.
As you can see I display the length of the result.
This gives a better way to compare different results.
Gives the number of digits in result.
In this case length is 15 digits.
[man]log10[/man] would be more accurate.
Hmm.
# tail -f -n1 /var/log/php_error_log
[29-Sep-2017 09:56:17 America/Chicago] PHP Fatal error: Call to undefined function bcpow() in /usr/home/admin/scripts/pass_test on line 34
#php -v
PHP 5.6.25 (cli) (built: Sep 8 2016 11:46:53)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
Anyone know what's up with that?
dalecosp;11064077 wrote:Hmm.
# tail -f -n1 /var/log/php_error_log [29-Sep-2017 09:56:17 America/Chicago] PHP Fatal error: Call to undefined function bcpow() in /usr/home/admin/scripts/pass_test on line 34 #php -v PHP 5.6.25 (cli) (built: Sep 8 2016 11:46:53) Copyright (c) 1997-2016 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend TechnologiesAnyone know what's up with that?
Nevermind. I am ROOT!!!! 
sudo pkg install math/php56-bcmath:rolleyes:
Weedpacket;11064073 wrote:[man]log10[/man] would be more accurate.
I don't want to doubt, but you mean using log10 in place of bcpow?
If so, can you help then to explain (when you have time), the following?
$s = "correct horse battery staple";
$t = "yBKcTR98";
echo "Complexity of 's': " .PasswordComplexity($s);
echo "\nComplexity of 't': " .PasswordComplexity($t);
Complexity of 's': 1.5563025007673
Complexity of 't': 1.7923916894983XKCD is wrong?
No, log10 in place of strlen; ceil(log10($ret)) being equivalent to strlen($ret).
I have been searching for Password Strength testers for a few days.
There are many, but most of them are doubtful in the result.
But now I have finally found a good one:
http://rumkin.com/tools/password/passchk.php
He gives the result as an Entropy value.
I recommend that one!
Let's just say, what with my phone having a virtual keyboard and all, on it I use passwords like "🌿4Go2🛏" (though that of course isn't one of them).
Weedpacket;11064133 wrote:Let's just say, what with my phone having a virtual keyboard and all, on it I use passwords like "🌿4Go2🛏" (though that of course isn't one of them).
The result of your password, Weedpacket,
using the password tester in my post above:
Length: 8
Strength: Reasonable - This password is fairly secure cryptographically and skilled hackers may need some good computing power to crack it. (Depends greatly on implementation!)
Entropy: 38.8 bits
Charset Size: 222 characters
What is noticable is the charset used in the password.
It has so many chars as 222.
Length 8, huh? I only count six characters: "🌿", "4", "G", "o", "2", and "🛏". Of course, JavaScript counts the first and last as two each.
The character set was determined as: 26 upper case letters, 26 lower case letters, 10 digits, and 160 characters from outside printable ASCII (i.e. characters 0x00 through 0x1f inclusive, and 0x7f and 0xff inclusive). But 🛏 for example, is represented by the two characters 0xd83d and 0xdecf, both obviously outside those ranges. The program should have counted the length as ten characters, for an entropy of 47.9 bits.
What's also odd is that the code reckons that [font=monospace]`~-_=+[{]}|;:'",<.>/?[/font] contains 20 characters.
It should go without saying that my real passwords tend to be a bit longer (the password I use for this site is over 20 characters).