I decided to actually implement the ideas from a blog post I wrote and shared here a few months ago.
Feedback is quite welcome; I hope to release v1.0.0 less than a day from now.
This repository contains a Go library as well as a pair of CLI executables for measuring password strength and generating passwords. Unlike existing solutions I’m aware of, MOAC uses physical limits to computation to analyze password strength.
In addition to specifying/measuring length, charsets, and/or entropy, users can also work with physical values (mass, energy, etc); MOAC determines what the most powerful brute-force attack that the laws of physics can allow would look like to determine how strong a password is.
The difference between a password crackable in 1000 years and 1e8 years is hard to comprehend while the difference between requiring the mass-energy of a mountain and the mass-energy of a planet is much more apparent. Large masses are easier to visualize than long durations.