zxcvbn-ruby 0.0.1

data/lib/zxcvbn/matchers/year.rb

@@ -0,0 +1,18 @@
+module Zxcvbn
+  module Matchers
+    class Year
+      include RegexHelpers
+
+      YEAR_REGEX = /19\d\d|200\d|201\d/
+
+      def matches(password)
+        result = []
+        re_match_all(YEAR_REGEX, password) do |match|
+          match.pattern = 'year'
+          result << match
+        end
+        result
+      end
+    end
+  end
+end

data/lib/zxcvbn/math.rb

@@ -0,0 +1,63 @@
+module Zxcvbn
+  module Math
+    def bruteforce_cardinality(password)
+      is_type_of = {}
+
+      password.each_byte do |ordinal|
+        case ordinal
+        when (48..57)
+          is_type_of['digits'] = true
+        when (65..90)
+          is_type_of['upper'] = true
+        when (97..122)
+          is_type_of['lower'] = true
+        else
+          is_type_of['symbols'] = true
+        end
+      end
+
+      cardinality = 0
+      cardinality += 10 if is_type_of['digits']
+      cardinality += 26 if is_type_of['upper']
+      cardinality += 26 if is_type_of['lower']
+      cardinality += 33 if is_type_of['symbols']
+      cardinality
+    end
+
+    def lg(n)
+      ::Math.log(n, 2)
+    end
+
+    def nCk(n, k)
+      return 0 if k > n
+      return 1 if k == 0
+      r = 1
+      (1..k).each do |d|
+        r = r * n
+        r = r / d
+        n -= 1
+      end
+      r
+    end
+
+    def min(a, b)
+      a < b ? a : b
+    end
+
+    def average_degree_for_graph(graph_name)
+      graph   = Zxcvbn::ADJACENCY_GRAPHS[graph_name]
+      average = 0.0
+
+      graph.each do |key, neighbors|
+        average += neighbors.compact.length
+      end
+
+      average /= graph.keys.length
+      average
+    end
+
+    def starting_positions_for_graph(graph_name)
+      Zxcvbn::ADJACENCY_GRAPHS[graph_name].length
+    end
+  end
+end

data/lib/zxcvbn/omnimatch.rb

@@ -0,0 +1,49 @@
+require 'json'
+require 'yaml'
+require 'pathname'
+
+module Zxcvbn
+  class Omnimatch
+    def initialize
+      @matchers = build_matchers
+    end
+
+    def matches(password, user_inputs = [])
+      result = []
+      (@matchers + user_input_matchers(user_inputs)).each do |matcher|
+        result += matcher.matches(password)
+      end
+      result
+    end
+
+    private
+
+    def user_input_matchers(user_inputs)
+      return [] unless user_inputs.any?
+      user_ranked_dictionary = DictionaryRanker.rank_dictionary(user_inputs)
+      dictionary_matcher = Matchers::Dictionary.new('user_inputs', user_ranked_dictionary)
+      l33t_matcher = Matchers::L33t.new([dictionary_matcher])
+      [dictionary_matcher, l33t_matcher]
+    end
+
+
+    def build_matchers
+      matchers = []
+      dictionary_matchers = RANKED_DICTIONARIES.map do |name, dictionary|
+        Matchers::Dictionary.new(name, dictionary)
+      end
+      l33t_matcher = Matchers::L33t.new(dictionary_matchers)
+      matchers += dictionary_matchers
+      matchers += [
+        l33t_matcher,
+        Matchers::Spatial.new(ADJACENCY_GRAPHS),
+        Matchers::Digits.new,
+        Matchers::Repeat.new,
+        Matchers::Sequences.new,
+        Matchers::Year.new,
+        Matchers::Date.new
+      ]
+      matchers
+    end
+  end
+end

data/lib/zxcvbn/password_strength.rb

@@ -0,0 +1,21 @@
+require 'benchmark'
+
+module Zxcvbn
+  class PasswordStrength
+    def initialize
+      @omnimatch = Omnimatch.new
+      @scorer = Scorer.new
+    end
+
+    def test(password, user_inputs = [])
+      password = password || ''
+      result = nil
+      calc_time = Benchmark.realtime do
+        matches = @omnimatch.matches(password, user_inputs)
+        result = @scorer.minimum_entropy_match_sequence(password, matches)
+      end
+      result.calc_time = calc_time
+      result
+    end
+  end
+end

data/lib/zxcvbn/score.rb

@@ -0,0 +1,15 @@
+module Zxcvbn
+  class Score
+    attr_accessor :entropy, :crack_time, :crack_time_display, :score, :pattern,
+                  :match_sequence, :password, :calc_time
+
+    def initialize(options = {})
+      @entropy            = options[:entropy]
+      @crack_time         = options[:crack_time]
+      @crack_time_display = options[:crack_time_display]
+      @score              = options[:score]
+      @match_sequence     = options[:match_sequence]
+      @password           = options[:password]
+    end
+  end
+end

data/lib/zxcvbn/scorer.rb

@@ -0,0 +1,84 @@
+module Zxcvbn
+  class Scorer
+    include Entropy
+    include CrackTime
+
+    def minimum_entropy_match_sequence(password, matches)
+      bruteforce_cardinality = bruteforce_cardinality(password) # e.g. 26 for lowercase
+      up_to_k = []      # minimum entropy up to k.
+      backpointers = [] # for the optimal sequence of matches up to k, holds the final match (match.j == k). null means the sequence ends w/ a brute-force character.
+      (0...password.length).each do |k|
+        # starting scenario to try and beat: adding a brute-force character to the minimum entropy sequence at k-1.
+        previous_k_entropy = k == 0 ? 0 : up_to_k[k-1]
+        up_to_k[k] = previous_k_entropy + lg(bruteforce_cardinality)
+        backpointers[k] = nil
+        matches.each do |match|
+          next unless match.j == k
+          i, j = match.i, match.j
+          # see if best entropy up to i-1 + entropy of this match is less than the current minimum at j.
+          previous_i_entropy = i > 0 ? up_to_k[i-1] : 0
+          candidate_entropy = previous_i_entropy + calc_entropy(match)
+          if up_to_k[j] && candidate_entropy < up_to_k[j]
+            up_to_k[j] = candidate_entropy
+            backpointers[j] = match
+          end
+        end
+      end
+      # walk backwards and decode the best sequence
+      match_sequence = []
+      k = password.length - 1
+      while k >= 0
+        match = backpointers[k]
+        if match
+          match_sequence.push match
+          k = match.i - 1
+        else
+          k -= 1
+        end
+      end
+      match_sequence.reverse!
+
+      # fill in the blanks between pattern matches with bruteforce "matches"
+      # that way the match sequence fully covers the password: match1.j == match2.i - 1 for every adjacent match1, match2.
+      make_bruteforce_match = lambda do |i, j|
+        Match.new(
+          :pattern => 'bruteforce',
+          :i => i,
+          :j => j,
+          :token => password[i..j],
+          :entropy => lg(bruteforce_cardinality ** (j - i + 1)),
+          :cardinality => bruteforce_cardinality
+        )
+      end
+
+      k = 0
+      match_sequence_copy = []
+      match_sequence.each do |match|
+        i, j = match.i, match.j
+        if i - k > 0
+          debugger if i == 0
+          match_sequence_copy << make_bruteforce_match.call(k, i - 1)
+        end
+        k = j + 1
+        match_sequence_copy.push match
+      end
+      if k < password.length
+        match_sequence_copy.push make_bruteforce_match.call(k, password.length - 1)
+      end
+      match_sequence = match_sequence_copy
+
+      min_entropy = up_to_k[password.length - 1] || 0  # or 0 corner case is for an empty password ''
+      crack_time = entropy_to_crack_time(min_entropy)
+
+      # final result object
+      Score.new(
+        :password => password,
+        :entropy => min_entropy.round(3),
+        :match_sequence => match_sequence,
+        :crack_time => crack_time.round(3),
+        :crack_time_display => display_time(crack_time),
+        :score => crack_time_to_score(crack_time)
+      )
+    end
+  end
+end

data/lib/zxcvbn/version.rb

@@ -0,0 +1,3 @@
+module Zxcvbn
+  VERSION = "0.0.1"
+end

data/spec/matchers/date_spec.rb

@@ -0,0 +1,109 @@
+require 'spec_helper'
+
+describe Zxcvbn::Matchers::Date do
+  let(:matcher) { subject }
+
+  {
+    ' ' => 'testing02 12 1997',
+    '-' => 'testing02-12-1997',
+    '/' => 'testing02/12/1997',
+    '\\' => 'testing02\12\1997',
+    '_' => 'testing02_12_1997',
+    '.' => 'testing02.12.1997'
+  }.each do |separator, password|
+    context "with #{separator} seperator" do
+      let(:matches) { matcher.matches(password) }
+
+      it 'finds matches' do
+        matches.should_not be_empty
+      end
+
+      it 'finds the correct matches' do
+        matches.count.should eq 1
+        matches[0].token.should eq %w[ 02 12 1997 ].join(separator)
+        matches[0].separator.should eq separator
+        matches[0].day.should eq 2
+        matches[0].month.should eq 12
+        matches[0].year.should eq 1997
+      end
+    end
+  end
+
+  # context 'without separator' do
+  #   context '5 digit date' do
+  #     let(:matches) { matcher.matches('13192boo') }
+
+  #     it 'finds matches' do
+  #       matches.should_not be_empty
+  #     end
+
+  #     it 'finds the correct matches' do
+  #       matches.count.should eq 2
+  #       matches[0].token.should eq '13192'
+  #       matches[0].separator.should eq ''
+  #       matches[0].day.should eq 13
+  #       matches[0].month.should eq 1
+  #       matches[0].year.should eq 1992
+
+  #       matches[1].token.should eq '13192'
+  #       matches[1].separator.should eq ''
+  #       matches[1].day.should eq 31
+  #       matches[1].month.should eq 1
+  #       matches[1].year.should eq 1992
+  #     end
+  #   end
+  # end
+
+  # describe '#extract_dates' do
+  #   {
+  #     '1234' => [
+  #       {:year => 2012, :month => 3, :day => 4},
+  #       {:year => 1934, :month => 2, :day => 1},
+  #       {:year => 1934, :month => 1, :day => 2}
+  #     ],
+  #     '12345' => [
+  #       {:year => 1945, :month => 3, :day => 12},
+  #       {:year => 1945, :month => 12, :day => 3},
+  #       {:year => 1945, :month => 1, :day => 23}
+  #     ],
+  #     '54321' => [
+  #       {:year => 1954, :month => 3, :day => 21}
+  #     ],
+  #     '151290' => [
+  #       {:year => 1990, :month => 12, :day => 15}
+  #     ],
+  #     '901215' => [
+  #       {:year => 1990, :month => 12, :day => 15}
+  #     ],
+  #     '1511990' => [
+  #       {:year => 1990, :month => 1, :day => 15}
+  #     ]
+  #   }.each do |token, expected_candidates|
+  #     it "finds the correct candidates for #{token}" do
+  #       matcher.extract_dates(token).should match_array expected_candidates
+  #     end
+  #   end
+  # end
+
+  # describe '#expand_year' do
+  #   {
+  #     12 => 2012,
+  #     01 => 2001,
+  #     15 => 2015,
+  #     19 => 2019,
+  #     20 => 1920
+  #   }.each do |small, expanded|
+  #     it "expands #{small} to #{expanded}" do
+  #       matcher.expand_year(small).should eq expanded
+  #     end
+  #   end
+  # end
+
+  context 'invalid date' do
+    let(:matches) { matcher.matches('testing0.x.1997') }
+
+    it 'doesnt match' do
+      matches.should be_empty
+    end
+  end
+end

data/spec/matchers/dictionary_spec.rb

@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+describe Zxcvbn::Matchers::Dictionary do
+  let(:matcher) { described_class.new('english', dictionary) }
+  let(:dictionary) { Zxcvbn::RANKED_DICTIONARIES['english'] }
+
+  it 'finds all the matches' do
+    matches = matcher.matches('whatisinit')
+    matches.count.should == 14
+    expected_matches = ['wha', 'what', 'ha', 'hat', 'a', 'at', 'tis', 'i', 'is',
+                       'sin', 'i', 'in', 'i', 'it']
+    matches.map(&:matched_word).should == expected_matches
+  end
+end

data/spec/matchers/digits_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe Zxcvbn::Matchers::Digits do
+  let(:matcher) { subject }
+  let(:matches) { matcher.matches('testing1239xx9712') }
+
+  it 'sets the pattern name' do
+    matches.all? { |m| m.pattern == 'digits' }.should be_true
+  end
+
+  it 'finds the correct matches' do
+    matches.count.should == 2
+    matches[0].token.should eq '1239'
+  end
+end

data/spec/matchers/l33t_spec.rb

@@ -0,0 +1,85 @@
+require 'spec_helper'
+
+describe Zxcvbn::Matchers::L33t do
+  let(:matcher) { described_class.new([dictionary_matcher]) }
+  let(:dictionary) { Zxcvbn::RANKED_DICTIONARIES['english'] }
+  let(:dictionary_matcher) { Zxcvbn::Matchers::Dictionary.new('english', dictionary) }
+
+  describe '#relevant_l33t_substitutions' do
+    it 'returns relevant l33t substitutions' do
+      matcher.relevent_l33t_subtable('p@ssw1rd24').should eq(
+        {'a' => ['4', '@'], 'i' => ['1'], 'l' => ['1'], 'z' => ['2']}
+      )
+    end
+  end
+
+  describe 'possible l33t substitutions' do
+    context 'with 2 possible substitutions' do
+      it 'returns the correct possible substitutions' do
+        substitutions = {'a' => ['@'], 'i' => ['1']}
+        matcher.l33t_subs(substitutions).should match_array([
+          {'@' => 'a', '1' => 'i'}
+        ])
+      end
+
+      it 'returns the correct possible substitutions with multiple options' do
+        substitutions = {'a' => ['@', '4'], 'i' => ['1']}
+        matcher.l33t_subs(substitutions).should match_array([
+          {'@' => 'a', '1' => 'i'},
+          {'4' => 'a', '1' => 'i'}
+        ])
+      end
+    end
+
+    context 'with 3 possible substitutions' do
+      it 'returns the correct possible substitutions' do
+        substitutions = {'a' => ['@'], 'i' => ['1'], 'z' => ['3']}
+        matcher.l33t_subs(substitutions).should match_array([
+          {'@' => 'a', '1' => 'i', '3' => 'z'}
+        ])
+      end
+    end
+
+    context 'with 4 possible substitutions' do
+      it 'returns the correct possible substitutions' do
+        substitutions = {'a' => ['@'], 'i' => ['1'], 'z' => ['3'], 'b' => ['8']}
+        matcher.l33t_subs(substitutions).should match_array([
+          {'@' => 'a', '1' => 'i', '3' => 'z', '8' => 'b'}
+        ])
+      end
+    end
+  end
+
+  describe '#matches' do
+    let(:matches) { matcher.matches('p@ssword') }
+    # it doesn't match on 'password' because that's not in the english
+    # dictionary/frequency list
+
+    it 'finds the correct matches' do
+      matches.map(&:matched_word).should eq([
+        'pas',
+        'a',
+        'as',
+        'ass'
+      ])
+    end
+
+    it 'sets the token correctly on those matches' do
+      matches.map(&:token).should eq([
+        'p@s',
+        '@',
+        '@s',
+        '@ss'
+      ])
+    end
+
+    it 'sets the substituions used' do
+      matches.map(&:sub).should eq([
+        {'@' => 'a'},
+        {'@' => 'a'},
+        {'@' => 'a'},
+        {'@' => 'a'}
+      ])
+    end
+  end
+end