DOS Exploit #72
Description
Hey, just wanted to let you know I've gotten reports from users of my library Nbvcxz that are getting a DOS every so often by specifically crafted passwords.
I even found a tool created by a government contractor used for issuing a DOS against programs using libraries containing the vulnerable (to combination explosion) algorithms from the original zxcvbn implementation:
https://github.com/twosixlabs/acsploit
GoSimpleLLC/nbvcxz#60
I'd take a look at some of the work another implementation did to improve things: formigarafa/zxcvbn-rb#7