Class: Zxcvbn::Scorer

Inherits:

Object

• Object
• Zxcvbn::Scorer

Includes:

CrackTime, Entropy

Defined in:

lib/zxcvbn/scorer.rb

Constant Summary

Constants included from CrackTime

CrackTime::NUM_ATTACKERS, CrackTime::SECONDS_PER_GUESS, CrackTime::SINGLE_GUESS

Constants included from Entropy

Entropy::ALL_LOWER, Entropy::ALL_UPPER, Entropy::END_UPPER, Entropy::NUM_DAYS, Entropy::NUM_MONTHS, Entropy::NUM_YEARS, Entropy::START_UPPER

Instance Attribute Summary

• #data ⇒ Object readonly

  Returns the value of attribute data.

Instance Method Summary

• #initialize(data) ⇒ Scorer constructor

  A new instance of Scorer.

• #make_bruteforce_match(password, i, j, bruteforce_cardinality) ⇒ Object

  fill in the blanks between pattern matches with bruteforce “matches” that way the match sequence fully covers the password: match1.j == match2.i - 1 for every adjacent match1, match2.

• #minimum_entropy_match_sequence(password, matches) ⇒ Object
• #pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality) ⇒ Object
• #score_for(password, match_sequence, up_to_k) ⇒ Object

Methods included from CrackTime

#crack_time_to_score, #display_time, #entropy_to_crack_time

Methods included from Entropy

#calc_entropy, #date_entropy, #dictionary_entropy, #digits_entropy, #extra_l33t_entropy, #extra_uppercase_entropy, #repeat_entropy, #sequence_entropy, #spatial_entropy, #year_entropy

Methods included from Math

#average_degree_for_graph, #bruteforce_cardinality, #lg, #nCk, #starting_positions_for_graph

Constructor Details

#initialize(data) ⇒ Scorer

Returns a new instance of Scorer.

# File 'lib/zxcvbn/scorer.rb', line 8

def initialize(data)
  @data = data
end

Instance Attribute Details

#data ⇒ Object (readonly)

Returns the value of attribute data.

# File 'lib/zxcvbn/scorer.rb', line 12

def data
  @data
end

Instance Method Details

#make_bruteforce_match(password, i, j, bruteforce_cardinality) ⇒ Object

fill in the blanks between pattern matches with bruteforce “matches” that way the match sequence fully covers the password: match1.j == match2.i - 1 for every adjacent match1, match2.

# File 'lib/zxcvbn/scorer.rb', line 91

def make_bruteforce_match(password, i, j, bruteforce_cardinality)
  Match.new(
    :pattern => 'bruteforce',
    :i => i,
    :j => j,
    :token => password[i..j],
    :entropy => lg(bruteforce_cardinality ** (j - i + 1)),
    :cardinality => bruteforce_cardinality
  )
end

#minimum_entropy_match_sequence(password, matches) ⇒ Object

# File 'lib/zxcvbn/scorer.rb', line 17

def minimum_entropy_match_sequence(password, matches)
  bruteforce_cardinality = bruteforce_cardinality(password) # e.g. 26 for lowercase
  up_to_k = []      # minimum entropy up to k.
  backpointers = [] # for the optimal sequence of matches up to k, holds the final match (match.j == k). null means the sequence ends w/ a brute-force character.
  (0...password.length).each do |k|
    # starting scenario to try and beat: adding a brute-force character to the minimum entropy sequence at k-1.
    previous_k_entropy = k > 0 ? up_to_k[k-1] : 0
    up_to_k[k] = previous_k_entropy + lg(bruteforce_cardinality)
    backpointers[k] = nil
    matches.select do |match|
      match.j == k
    end.each do |match|
      i, j = match.i, match.j
      # see if best entropy up to i-1 + entropy of this match is less than the current minimum at j.
      previous_i_entropy = i > 0 ? up_to_k[i-1] : 0
      candidate_entropy = previous_i_entropy + calc_entropy(match)
      if up_to_k[j] && candidate_entropy < up_to_k[j]
        up_to_k[j] = candidate_entropy
        backpointers[j] = match
      end
    end
  end

  # walk backwards and decode the best sequence
  match_sequence = []
  k = password.length - 1
  while k >= 0
    match = backpointers[k]
    if match
      match_sequence.unshift match
      k = match.i - 1
    else
      k -= 1
    end
  end

  match_sequence = pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality)
  score_for(password, match_sequence, up_to_k)
end

#pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality) ⇒ Object

# File 'lib/zxcvbn/scorer.rb', line 73

def pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality)
  k = 0
  match_sequence_copy = []
  match_sequence.each do |match|
    if match.i > k
      match_sequence_copy << make_bruteforce_match(password, k, match.i - 1, bruteforce_cardinality)
    end
    k = match.j + 1
    match_sequence_copy << match
  end
  if k < password.length
    match_sequence_copy << make_bruteforce_match(password, k, password.length - 1, bruteforce_cardinality)
  end
  match_sequence_copy
end

#score_for(password, match_sequence, up_to_k) ⇒ Object

# File 'lib/zxcvbn/scorer.rb', line 57

def score_for password, match_sequence, up_to_k
  min_entropy = up_to_k[password.length - 1] || 0  # or 0 corner case is for an empty password ''
  crack_time = entropy_to_crack_time(min_entropy)

  # final result object
  Score.new(
    :password => password,
    :entropy => min_entropy.round(3),
    :match_sequence => match_sequence,
    :crack_time => crack_time.round(3),
    :crack_time_display => display_time(crack_time),
    :score => crack_time_to_score(crack_time)
  )
end