How to store and search list of 'Banned Passwords'

Question

I'm working on a project where I need to have a set of password restrictions that includes a file of disallowed passwords (All the common passwords like 'abc','abcdef','12345' 'password' etc.) The file of passwords will consist of around 10000-15000 words.

Now I want to make sure that when a user sets/changes a password, it doesn't exist in the list. I was thinking of using a dictionary (or map) in Java (with buckets as 'A', 'B', 'C'.... 'Z','NUMBERS','SPECIAL_CHARS') so that I just check the first character and then search the corresponding bucket. But I'm not sure what kind of performance I can get out of this.

Any suggestions for working with a 'Banned Passwords' List.... Any other pointers to watch out for?

Answer 1

If you extend your approach of "one bucket per letter" to the complete string, you will end with a trie, which looks like a nice structure for this problem, though I can't see a reason for not using a single HashSet (after all, the verification cost is almost constant, and the hash set searches in the bucket where the password is supposed to be stored). Splitting the hash depending on the initial letter does not improve the performance in comparision with using a single set.

On the other hand, if your implementation is memory bounded, you could avoid storing some banned passwords and do a rule-guided verification (e.g. check if there are 4 consecutive characters that differ by one, as in "ghij", or check if they are fragments of a keyboard row, such as "yuiop"). Each rule will be equivalent to several banned passwords.