Class: Zxcvbn::Scorer

Inherits:

Object

• Object
• Zxcvbn::Scorer

Includes:

CrackTime, Entropy

Defined in:

lib/zxcvbn/scorer.rb

Constant Summary

Constants included from CrackTime

CrackTime::NUM_ATTACKERS, CrackTime::SECONDS_PER_GUESS, CrackTime::SINGLE_GUESS

Constants included from Entropy

Entropy::ALL_LOWER, Entropy::ALL_UPPER, Entropy::END_UPPER, Entropy::NUM_DAYS, Entropy::NUM_MONTHS, Entropy::NUM_YEARS, Entropy::START_UPPER

Instance Attribute Summary

• #data ⇒ Object readonly

  Returns the value of attribute data.

Instance Method Summary

• #initialize(data) ⇒ Scorer constructor

  A new instance of Scorer.

• #make_bruteforce_match(password, i, j, bruteforce_cardinality) ⇒ Object

  fill in the blanks between pattern matches with bruteforce “matches” that way the match sequence fully covers the password: match1.j == match2.i - 1 for every adjacent match1, match2.

• #minimum_entropy_match_sequence(password, matches) ⇒ Object
• #pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality) ⇒ Object
• #score_for(password, match_sequence, up_to_k) ⇒ Object

Methods included from CrackTime

#crack_time_to_score, #display_time, #entropy_to_crack_time

Methods included from Entropy

#calc_entropy, #date_entropy, #dictionary_entropy, #digits_entropy, #extra_l33t_entropy, #extra_uppercase_entropy, #repeat_entropy, #sequence_entropy, #spatial_entropy, #year_entropy

Methods included from Math

#average_degree_for_graph, #bruteforce_cardinality, #lg, #nCk, #starting_positions_for_graph

Constructor Details

#initialize(data) ⇒ Scorer

Returns a new instance of Scorer.

# File 'lib/zxcvbn/scorer.rb', line 10

def initialize(data)
  @data = data
end

Instance Attribute Details

#data ⇒ Object (readonly)

Returns the value of attribute data.

# File 'lib/zxcvbn/scorer.rb', line 14

def data
  @data
end

Instance Method Details

#make_bruteforce_match(password, i, j, bruteforce_cardinality) ⇒ Object

fill in the blanks between pattern matches with bruteforce “matches” that way the match sequence fully covers the password: match1.j == match2.i - 1 for every adjacent match1, match2.

# File 'lib/zxcvbn/scorer.rb', line 94

def make_bruteforce_match(password, i, j, bruteforce_cardinality)
  Match.new(
    pattern: 'bruteforce',
    i: i,
    j: j,
    token: password.slice(i, j - i + 1),
    entropy: lg(bruteforce_cardinality**(j - i + 1)),
    cardinality: bruteforce_cardinality
  )
end

#minimum_entropy_match_sequence(password, matches) ⇒ Object

# File 'lib/zxcvbn/scorer.rb', line 19

def minimum_entropy_match_sequence(password, matches)
  bruteforce_cardinality = bruteforce_cardinality(password) # e.g. 26 for lowercase
  up_to_k = [] # minimum entropy up to k.
  # for the optimal sequence of matches up to k, holds the final match (match.j == k).
  # null means the sequence ends w/ a brute-force character.
  backpointers = []
  (0...password.length).each do |k|
    # starting scenario to try and beat: adding a brute-force character to the minimum entropy sequence at k-1.
    previous_k_entropy = k.positive? ? up_to_k[k - 1] : 0
    up_to_k[k] = previous_k_entropy + lg(bruteforce_cardinality)
    backpointers[k] = nil
    matches.select do |match|
      match.j == k
    end.each do |match|
      i = match.i
      j = match.j
      # see if best entropy up to i-1 + entropy of this match is less than the current minimum at j.
      previous_i_entropy = i.positive? ? up_to_k[i - 1] : 0
      candidate_entropy = previous_i_entropy + calc_entropy(match)
      if up_to_k[j] && candidate_entropy < up_to_k[j]
        up_to_k[j] = candidate_entropy
        backpointers[j] = match
      end
    end
  end

  # walk backwards and decode the best sequence
  match_sequence = []
  k = password.length - 1
  while k >= 0
    match = backpointers[k]
    if match
      match_sequence.unshift match
      k = match.i - 1
    else
      k -= 1
    end
  end

  match_sequence = pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality)
  score_for(password, match_sequence, up_to_k)
end

#pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality) ⇒ Object

# File 'lib/zxcvbn/scorer.rb', line 77

def pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality)
  k = 0
  match_sequence_copy = []
  match_sequence.each do |match|
    match_sequence_copy << make_bruteforce_match(password, k, match.i - 1, bruteforce_cardinality) if match.i > k
    k = match.j + 1
    match_sequence_copy << match
  end
  if k < password.length
    match_sequence_copy << make_bruteforce_match(password, k, password.length - 1, bruteforce_cardinality)
  end
  match_sequence_copy
end

#score_for(password, match_sequence, up_to_k) ⇒ Object

# File 'lib/zxcvbn/scorer.rb', line 62

def score_for(password, match_sequence, up_to_k)
  min_entropy = up_to_k[password.length - 1] || 0 # or 0 corner case is for an empty password ''
  crack_time = entropy_to_crack_time(min_entropy)

  # final result object
  Score.new(
    password: password,
    entropy: min_entropy.round(3),
    match_sequence: match_sequence,
    crack_time: crack_time.round(3),
    crack_time_display: display_time(crack_time),
    score: crack_time_to_score(crack_time)
  )
end