zxcvbn-ruby 0.0.1

data/lib/zxcvbn.rb

@@ -0,0 +1,37 @@
+require 'zxcvbn/version'
+require 'zxcvbn/match'
+require 'zxcvbn/matchers/regex_helpers'
+require 'zxcvbn/matchers/dictionary'
+require 'zxcvbn/matchers/l33t'
+require 'zxcvbn/matchers/spatial'
+require 'zxcvbn/matchers/sequences'
+require 'zxcvbn/matchers/repeat'
+require 'zxcvbn/matchers/digits'
+require 'zxcvbn/matchers/year'
+require 'zxcvbn/matchers/date'
+require 'zxcvbn/dictionary_ranker'
+require 'zxcvbn/omnimatch'
+require 'zxcvbn/math'
+require 'zxcvbn/entropy'
+require 'zxcvbn/crack_time'
+require 'zxcvbn/score'
+require 'zxcvbn/scorer'
+require 'zxcvbn/password_strength'
+
+module Zxcvbn
+  extend self
+
+  DATA_PATH = Pathname(File.expand_path('../../data', __FILE__))
+  ADJACENCY_GRAPHS = JSON.load(DATA_PATH.join('adjacency_graphs.json').read)
+  FREQUENCY_LISTS = YAML.load(DATA_PATH.join('frequency_lists.yaml').read)
+  RANKED_DICTIONARIES = DictionaryRanker.rank_dictionaries(FREQUENCY_LISTS)
+
+  def test(password, user_inputs = [])
+    zxcvbn = PasswordStrength.new
+    zxcvbn.test(password, user_inputs)
+  end
+
+  def add_word_list(name, list)
+    RANKED_DICTIONARIES[name] = DictionaryRanker.rank_dictionary(list)
+  end
+end

data/lib/zxcvbn/crack_time.rb

@@ -0,0 +1,51 @@
+module Zxcvbn::CrackTime
+  SINGLE_GUESS = 0.010
+  NUM_ATTACKERS = 100
+
+  SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS
+
+  def entropy_to_crack_time(entropy)
+    0.5 * (2 ** entropy) * SECONDS_PER_GUESS
+  end
+
+  def crack_time_to_score(seconds)
+    case
+    when seconds < 10**2
+      0
+    when seconds < 10**4
+      1
+    when seconds < 10**6
+      2
+    when seconds < 10**8
+      3
+    else
+      4
+    end
+  end
+
+  def display_time(seconds)
+    minute  = 60
+    hour    = minute * 60
+    day     = hour * 24
+    month   = day * 31
+    year    = month * 12
+    century = year * 100
+
+    case
+    when seconds < minute
+      'instant'
+    when seconds < hour
+      "#{1 + (seconds / minute).ceil} minutes"
+    when seconds < day
+      "#{1 + (seconds / hour).ceil} hours"
+    when seconds < month
+      "#{1 + (seconds / day).ceil} days"
+    when seconds < year
+      "#{1 + (seconds / month).ceil} months"
+    when seconds < century
+      "#{1 + (seconds / year).ceil} years"
+    else
+      'centuries'
+    end
+  end
+end

data/lib/zxcvbn/dictionary_ranker.rb

@@ -0,0 +1,23 @@
+# encoding: utf-8
+
+module Zxcvbn
+  class DictionaryRanker
+    def self.rank_dictionaries(lists)
+      dictionaries = {}
+      lists.each do |dict_name, words|
+        dictionaries[dict_name] = rank_dictionary(words)
+      end
+      dictionaries
+    end
+
+    def self.rank_dictionary(words)
+      dictionary = {}
+      i = 1
+      words.each do |word|
+        dictionary[word] = i
+        i += 1
+      end
+      dictionary
+    end
+  end
+end

data/lib/zxcvbn/entropy.rb

@@ -0,0 +1,151 @@
+module Zxcvbn::Entropy
+  include Zxcvbn::Math
+
+  def calc_entropy(match)
+    return match.entropy unless match.entropy.nil?
+    # debugger
+    match.entropy = case match.pattern
+    when 'repeat'
+      repeat_entropy(match)
+    when 'sequence'
+      sequence_entropy(match)
+    when 'digits'
+      digits_entropy(match)
+    when 'year'
+      year_entropy(match)
+    when 'date'
+      date_entropy(match)
+    when 'spatial'
+      spatial_entropy(match)
+    when 'dictionary'
+      dictionary_entropy(match)
+    end
+    match.entropy ||= 0
+  end
+
+  def repeat_entropy(match)
+    cardinality = bruteforce_cardinality match.token
+    lg(cardinality * match.token.length)
+  end
+
+  def sequence_entropy(match)
+    first_char = match.token[0]
+    base_entropy = if ['a', '1'].include?(first_char)
+      1
+    elsif first_char.match(/\d/)
+      lg(10)
+    elsif first_char.match(/[a-z]/)
+      lg(26)
+    else
+      lg(26) + 1
+    end
+    base_entropy += 1 unless match.ascending
+    base_entropy + lg(match.token.length)
+  end
+
+  def digits_entropy(match)
+    lg(10 ** match.token.length)
+  end
+
+  NUM_YEARS = 119 # years match against 1900 - 2019
+  NUM_MONTHS = 12
+  NUM_DAYS = 31
+
+  def year_entropy(match)
+    lg(NUM_YEARS)
+  end
+
+  def date_entropy(match)
+    if match.year < 100
+      entropy = lg(NUM_DAYS * NUM_MONTHS * 100)
+    else
+      entropy = lg(NUM_DAYS * NUM_MONTHS * NUM_YEARS)
+    end
+
+    if match.separator
+      entropy += 2
+    end
+
+    entropy    
+  end
+
+  def dictionary_entropy(match)
+    match.base_entropy = lg(match.rank)
+    match.uppercase_entropy = extra_uppercase_entropy(match)
+    match.l33t_entropy = extra_l33t_entropy(match)
+
+    match.base_entropy + match.uppercase_entropy + match.l33t_entropy
+  end
+
+  START_UPPER = /^[A-Z][^A-Z]+$/
+  END_UPPER   = /^[^A-Z]+[A-Z]$/
+  ALL_UPPER   = /^[A-Z]+$/
+  ALL_LOWER   = /^[a-z]+$/
+
+  def extra_uppercase_entropy(match)
+    word = match.token
+    [START_UPPER, END_UPPER, ALL_UPPER].each do |regex|
+      return 1 if word.match(regex)
+    end
+    num_upper = word.chars.count{|c| c.match(/[A-Z]/) }
+    num_lower = word.chars.count{|c| c.match(/[a-z]/) }
+    possibilities = 0
+    (0..min(num_upper, num_lower)).each do |i|
+      possibilities += nCk(num_upper + num_lower, i)
+    end
+    lg(possibilities)
+  end
+
+  def extra_l33t_entropy(match)
+    word = match.token
+    return 0 unless match.l33t
+    possibilities = 0
+    match.sub.each do |subbed, unsubbed|
+      num_subbed = word.chars.count{|c| c == subbed}
+      num_unsubbed = word.chars.count{|c| c == unsubbed}
+      (0..min(num_subbed, num_unsubbed)).each do |i|
+        possibilities += nCk(num_subbed + num_unsubbed, i)
+      end
+    end
+    entropy = lg(possibilities)
+    entropy == 0 ? 1 : entropy
+  end
+
+  def spatial_entropy(match)
+    if %w|qwerty dvorak|.include? match.graph
+      starting_positions = starting_positions_for_graph('qwerty')
+      average_degree     = average_degree_for_graph('qwerty')
+    else
+      starting_positions = starting_positions_for_graph('keypad')
+      average_degree     = average_degree_for_graph('keypad')
+    end
+
+    possibilities = 0
+    token_length  = match.token.length
+    turns         = match.turns
+
+    # estimate the ngpumber of possible patterns w/ token length or less with number of turns or less.
+    (2..token_length).each do |i|
+      possible_turns = [turns, i -1].min
+      (1..possible_turns).each do |j|
+        possibilities += nCk(i - 1, j - 1) * starting_positions * average_degree ** j
+      end
+    end
+        
+    entropy = lg possibilities
+    # add extra entropy for shifted keys. (% instead of 5, A instead of a.)
+    # math is similar to extra entropy from uppercase letters in dictionary matches.
+    
+    if match.shifted_count
+      shiffted_count  = match.shifted_count
+      unshifted_count = match.token.length - match.shifted_count
+      possibilities   = 0
+      
+      (0..[shiffted_count, unshifted_count].min).each do |i|
+        possibilities += nCk(shiffted_count + unshifted_count, i)
+      end
+      entropy += lg possibilities
+    end
+    entropy
+  end
+end

data/lib/zxcvbn/match.rb

@@ -0,0 +1,13 @@
+require 'ostruct'
+
+module Zxcvbn
+  class Match < OpenStruct
+    def to_hash
+      hash = @table.dup
+      hash.keys.sort.each do |key|
+        hash[key.to_s] = hash.delete(key)
+      end
+      hash
+    end
+  end
+end

data/lib/zxcvbn/matchers/date.rb

@@ -0,0 +1,134 @@
+module Zxcvbn
+  module Matchers
+    class Date
+      include RegexHelpers
+
+      YEAR_SUFFIX = /
+        ( \d{1,2} )                         # day or month
+        ( \s | \- | \/ | \\ | \_ | \. )     # separator
+        ( \d{1,2} )                         # month or day
+        \2                                  # same separator
+        ( 19\d{2} | 200\d | 201\d | \d{2} ) # year
+      /x
+
+      YEAR_PREFIX = /
+        ( 19\d{2} | 200\d | 201\d | \d{2} ) # year
+        ( \s | - | \/ | \\ | _ | \. )       # separator
+        ( \d{1,2} )                         # day or month
+        \2                                  # same separator
+        ( \d{1,2} )                         # month or day
+      /x
+
+      WITHOUT_SEPARATOR = /\d{4,8}/
+
+      def matches(password)
+        result = []
+        result += match_with_separator(password)
+        result += match_without_separator(password)
+        result
+      end
+
+      def match_with_separator(password)
+        result = []
+        re_match_all(YEAR_SUFFIX, password) do |match, re_match|
+          match.pattern = 'date'
+          match.day = re_match[1].to_i
+          match.separator = re_match[2]
+          match.month = re_match[3].to_i
+          match.year = re_match[4].to_i
+
+          day, month = match.day, match.month
+          if month > 12
+            match.day = month
+            match.month = day
+          end
+
+          result << match if valid_date?(match.day, match.month, match.year)
+        end
+        result
+      end
+
+      def match_without_separator(password)
+        result = []
+        re_match_all(WITHOUT_SEPARATOR, password) do |match, re_match|
+          extract_dates(match.token).each do |candidate|
+            day, month, year = candidate[:day], candidate[:month], candidate[:year]
+
+            match = match.dup
+            match.pattern = 'date'
+            match.day = day
+            match.month = month
+            match.year = year
+            match.separator = ''
+            result << match
+          end
+        end
+        result
+      end
+
+      def extract_dates(token)
+        dates = []
+        date_patterns_for_length(token.length).map do |pattern|
+          candidate = {
+            :year => '',
+            :month => '',
+            :day => ''
+          }
+          for i in 0...token.length
+            candidate[PATTERN_CHAR_TO_SYM[pattern[i]]] << token[i]
+          end
+          candidate.each do |component, value|
+            candidate[component] = value.to_i
+          end
+          
+          candidate[:year] = expand_year(candidate[:year])
+          
+          if valid_date?(candidate[:day], candidate[:month], candidate[:year]) && !matches_year?(token)
+            dates << candidate
+          end
+        end
+        dates
+      end
+
+      DATE_PATTERN_FOR_LENGTH = {
+        8 => %w[ yyyymmdd ddmmyyyy mmddyyyy ],
+        7 => %w[ yyyymdd yyyymmd ddmyyyy dmmyyyy ],
+        6 => %w[ yymmdd ddmmyy mmddyy ],
+        5 => %w[ yymdd yymmd ddmyy dmmyy mmdyy mddyy ],
+        4 => %w[ yymd dmyy mdyy ]
+      }
+
+      PATTERN_CHAR_TO_SYM = {
+        'y' => :year,
+        'm' => :month,
+        'd' => :day
+      }
+
+      def date_patterns_for_length(length)
+        DATE_PATTERN_FOR_LENGTH[length] || []
+      end
+
+      def valid_date?(day, month, year)
+        return false if day > 31 || month > 12
+        return false unless year >= 1900 && year <= 2019
+        true
+      end
+
+      def matches_year?(token)
+        token.size == 4 && Year::YEAR_REGEX.match(token)
+      end
+
+      def expand_year(year)
+        return year
+        # Block dates with 2 digit years for now to be compatible with the JS version
+        # return year unless year < 100
+        # now = Time.now.year
+        # if year <= 19
+        #   year + 2000
+        # else
+        #   year + 1900
+        # end
+      end
+    end
+  end
+end

data/lib/zxcvbn/matchers/dictionary.rb

@@ -0,0 +1,34 @@
+module Zxcvbn
+  module Matchers
+    # Given a password and a dictionary, match on any sequential segment of
+    # the lowercased password in the dictionary
+
+    class Dictionary
+      def initialize(name, ranked_dictionary)
+        @name = name
+        @ranked_dictionary = ranked_dictionary
+      end
+
+      def matches(password)
+        results = []
+        password_length = password.length
+        lowercased_password = password.downcase
+        (0..password_length).each do |i|
+          (i...password_length).each do |j|
+            word = lowercased_password[i..j]
+            if @ranked_dictionary.has_key?(word)
+              results << Match.new(:matched_word => word,
+                                   :token => password[i..j],
+                                   :i => i,
+                                   :j => j,
+                                   :rank => @ranked_dictionary[word],
+                                   :pattern => 'dictionary',
+                                   :dictionary_name => @name)
+            end
+          end
+        end
+        results
+      end
+    end
+  end
+end