$ man password-strength
/password-strength(1)
PRICE / CALL
$0.02
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
webprobe
CATEGORY
utilities
STATUS
● live
NAME
password-strength — password strength meter + breach checker
SYNOPSIS
POST https://x402.org/v1/password-strength
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }
↳ first call →
402 Payment Required. Sign USDC transferWithAuthorization, retry with the X-PAYMENT header.
DESCRIPTION
Password strength meter + breach checker. Entropy bits, character-class diversity, common-pattern penalties, estimated crack times (online/offline/GPU). Plus Have I Been Pwned k-anonymity breach lookup — full password never leaves the server.
INPUT — request schema
| property | type | description | req? |
|---|---|---|---|
| password | string | Password to score. Sent over TLS to the worker but never logged. Max 200 chars. | required |
| check_breaches | boolean | Check HIBP. Default true. Sends only first 5 chars of SHA-1 (k-anonymity). | optional |
OUTPUT — response shape
| field | type | description |
|---|---|---|
| score | number | Overall password strength score, typically 0-100 combining entropy, length, and pattern penalties. |
| bucket | string | Strength label like very-weak, weak, fair, strong, or very-strong derived from the score. |
| length | number | Character count of the submitted password. |
| entropy_bits | number | Shannon entropy estimate in bits based on charset size and length. |
| charset_size | number | Size of the effective character pool used for entropy math (e.g., 26, 62, 95). |
| character_classes | object | Per-class flags showing which sets appear: lowercase, uppercase, digits, symbols. |
| character_class_count | number | Number of distinct character classes present (0-4). |
| common_patterns_found | array | List of detected weak patterns like dictionary words, sequences, keyboard walks, or dates. |
| estimated_crack_time | object | Crack-time estimates for online, offline, and GPU attack scenarios as human-readable durations. |
| breach_count | number | Number of times the password appears in the Have I Been Pwned corpus. |
| is_breached | boolean | True when breach_count is greater than zero in the HIBP dataset. |
| breach_check_performed | boolean | True when the HIBP k-anonymity lookup ran successfully for this request. |
| feedback | array | Actionable suggestions to strengthen the password, such as add length or mix character classes. |
| note | string | Server-side note about scoring caveats, HIBP fallback, or the privacy guarantee that the password never leaves the server. |
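
Added example, not this endpoint's own code: a local sketch of how entropy_bits, charset_size and the HIBP k-anonymity fields above can be derived. It assumes entropy is length × log2(charset_size), that the pools are the ASCII classes (26 + 26 + 10 + 33 = 95), and that the range response uses HIBP's SUFFIX:COUNT line format; the response body and its counts are constructed.

```python
import hashlib
import math
import string

# Assumed character pools; their sizes add up to the 26 / 62 / 95 values in the table.
POOLS = {
    "lowercase": string.ascii_lowercase,      # 26
    "uppercase": string.ascii_uppercase,      # 26
    "digits": string.digits,                  # 10
    "symbols": string.punctuation + " ",      # 33
}

def charset_entropy(password):
    """Return (charset_size, entropy_bits) with entropy = length * log2(pool size).
    This is an upper bound: it ignores dictionary words and other patterns."""
    size = sum(len(chars) for chars in POOLS.values()
               if any(c in chars for c in password))
    bits = len(password) * math.log2(size) if size else 0.0
    return size, round(bits, 1)

def hibp_split(password):
    """SHA-1 the password. Only the 5-hex-char prefix goes to the range lookup;
    the 35-char suffix stays local and is compared against the reply."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Find the local suffix among 'SUFFIX:COUNT' lines; 0 if absent or padded."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def demo(password="password"):
    prefix, suffix = hibp_split(password)
    # Constructed range reply: one decoy, the real suffix with a made-up count,
    # and one zero-count padding entry.
    body = "A" * 35 + ":3\r\n" + suffix + ":42\r\n" + "0" * 35 + ":0\r\n"
    size, bits = charset_entropy(password)
    hits = breach_count(suffix, body)
    return {"charset_size": size, "entropy_bits": bits, "hibp_prefix_sent": prefix,
            "breach_count": hits, "is_breached": hits > 0}

if __name__ == "__main__":
    print(demo())
```

A high entropy_bits value says nothing about breach status: the two checks are independent, which is why the response reports both.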
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.org/v1/password-strength \
-H 'Content-Type: application/json' \
-d '{ }'
first response =
402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# install once
claude mcp add x402 --command "npx x402-deployer-mcp"
# then ask Claude Code:
# "use the password-strength tool to ..."
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags: password, security, entropy, hibp, breach
- methods: POST
- cluster: webprobe
- price: $0.02 USDC per call
ADJACENT — other endpoints in webprobe
| endpoint | description | price |
|---|---|---|
| archive-snapshot | Wayback Machine API / archive.org wrapper. | $0.02 |
| dmarc-check | DMARC / SPF / DKIM checker. | $0.02 |
| dns-lookup | DNS lookup / DNS resolver / DoH proxy. | $0.02 |
| expand-url | URL expander / redirect chain tracer / link-shortener resolver. | $0.02 |
| whois | Domain WHOIS / RDAP lookup. | $0.02 |
| whois-lookup | WHOIS / RDAP domain lookup. | $0.02 |
| arxiv-search | arXiv full-text search. | $0.03 |
| ssl-cert | SSL certificate inspector / TLS cert checker / certificate transparency lookup / ssl expiry. | $0.03 |
SEE ALSO