zxcvbn-ruby 0.0.1

data/spec/support/js_source/scoring.coffee

@@ -0,0 +1,270 @@
+
+nCk = (n, k) ->
+  # http://blog.plover.com/math/choose.html
+  return 0 if k > n
+  return 1 if k == 0
+  r = 1
+  for d in [1..k]
+    r *= n
+    r /= d
+    n -= 1
+  r
+
+lg = (n) -> Math.log(n) / Math.log(2)
+
+# ------------------------------------------------------------------------------
+# minimum entropy search -------------------------------------------------------
+# ------------------------------------------------------------------------------
+#
+# takes a list of overlapping matches, returns the non-overlapping sublist with
+# minimum entropy. O(nm) dp alg for length-n password with m candidate matches.
+# ------------------------------------------------------------------------------
+
+minimum_entropy_match_sequence = (password, matches) ->
+  bruteforce_cardinality = calc_bruteforce_cardinality password # e.g. 26 for lowercase
+  up_to_k = []      # minimum entropy up to k.
+  backpointers = [] # for the optimal sequence of matches up to k, holds the final match (match.j == k). null means the sequence ends w/ a brute-force character.
+  for k in [0...password.length]
+    # starting scenario to try and beat: adding a brute-force character to the minimum entropy sequence at k-1.
+    up_to_k[k] = (up_to_k[k-1] or 0) + lg bruteforce_cardinality
+    backpointers[k] = null
+    for match in matches when match.j == k
+      [i, j] = [match.i, match.j]
+      # see if best entropy up to i-1 + entropy of this match is less than the current minimum at j.
+      candidate_entropy = (up_to_k[i-1] or 0) + calc_entropy(match)
+      if candidate_entropy < up_to_k[j]
+        up_to_k[j] = candidate_entropy
+        backpointers[j] = match
+
+  # walk backwards and decode the best sequence
+  match_sequence = []
+  k = password.length - 1
+  while k >= 0
+    match = backpointers[k]
+    if match
+      match_sequence.push match
+      k = match.i - 1
+    else
+      k -= 1
+  match_sequence.reverse()
+
+  # fill in the blanks between pattern matches with bruteforce "matches"
+  # that way the match sequence fully covers the password: match1.j == match2.i - 1 for every adjacent match1, match2.
+  make_bruteforce_match = (i, j) ->
+    pattern: 'bruteforce'
+    i: i
+    j: j
+    token: password[i..j]
+    entropy: lg Math.pow(bruteforce_cardinality, j - i + 1)
+    cardinality: bruteforce_cardinality
+  k = 0
+  match_sequence_copy = []
+  for match in match_sequence
+    [i, j] = [match.i, match.j]
+    if i - k > 0
+      match_sequence_copy.push make_bruteforce_match(k, i - 1)
+    k = j + 1
+    match_sequence_copy.push match
+  if k < password.length
+    match_sequence_copy.push make_bruteforce_match(k, password.length - 1)
+  match_sequence = match_sequence_copy
+
+  min_entropy = up_to_k[password.length - 1] or 0  # or 0 corner case is for an empty password ''
+  crack_time = entropy_to_crack_time min_entropy
+
+  # final result object
+  password: password
+  entropy: round_to_x_digits(min_entropy, 3)
+  match_sequence: match_sequence
+  crack_time: round_to_x_digits(crack_time, 3)
+  crack_time_display: display_time crack_time
+  score: crack_time_to_score crack_time
+
+round_to_x_digits = (n, x) -> Math.round(n * Math.pow(10, x)) / Math.pow(10, x)
+
+# ------------------------------------------------------------------------------
+# threat model -- stolen hash catastrophe scenario -----------------------------
+# ------------------------------------------------------------------------------
+#
+# assumes:
+# * passwords are stored as salted hashes, different random salt per user.
+#   (making rainbow attacks infeasable.)
+# * hashes and salts were stolen. attacker is guessing passwords at max rate.
+# * attacker has several CPUs at their disposal.
+# ------------------------------------------------------------------------------
+
+# for a hash function like bcrypt/scrypt/PBKDF2, 10ms per guess is a safe lower bound.
+# (usually a guess would take longer -- this assumes fast hardware and a small work factor.)
+# adjust for your site accordingly if you use another hash function, possibly by
+# several orders of magnitude!
+SINGLE_GUESS = .010
+NUM_ATTACKERS = 100 # number of cores guessing in parallel.
+
+SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS
+
+entropy_to_crack_time = (entropy) -> .5 * Math.pow(2, entropy) * SECONDS_PER_GUESS # average, not total
+
+crack_time_to_score = (seconds) ->
+  return 0 if seconds < Math.pow(10, 2)
+  return 1 if seconds < Math.pow(10, 4)
+  return 2 if seconds < Math.pow(10, 6)
+  return 3 if seconds < Math.pow(10, 8)
+  return 4
+
+# ------------------------------------------------------------------------------
+# entropy calcs -- one function per match pattern ------------------------------
+# ------------------------------------------------------------------------------
+
+calc_entropy = (match) ->
+  return match.entropy if match.entropy? # a match's entropy doesn't change. cache it.
+  entropy_func = switch match.pattern
+    when 'repeat'     then repeat_entropy
+    when 'sequence'   then sequence_entropy
+    when 'digits'     then digits_entropy
+    when 'year'       then year_entropy
+    when 'date'       then date_entropy
+    when 'spatial'    then spatial_entropy
+    when 'dictionary' then dictionary_entropy
+  match.entropy = entropy_func match
+
+repeat_entropy = (match) ->
+  cardinality = calc_bruteforce_cardinality match.token
+  lg (cardinality * match.token.length)
+
+sequence_entropy = (match) ->
+  first_chr = match.token.charAt(0)
+  if first_chr in ['a', '1']
+    base_entropy = 1
+  else
+    if first_chr.match /\d/
+      base_entropy = lg(10) # digits
+    else if first_chr.match /[a-z]/
+      base_entropy = lg(26) # lower
+    else
+      base_entropy = lg(26) + 1 # extra bit for uppercase
+  if not match.ascending
+    base_entropy += 1 # extra bit for descending instead of ascending
+  base_entropy + lg match.token.length
+
+digits_entropy = (match) -> lg Math.pow(10, match.token.length)
+
+NUM_YEARS = 119 # years match against 1900 - 2019
+NUM_MONTHS = 12
+NUM_DAYS = 31
+
+year_entropy = (match) -> lg NUM_YEARS
+
+date_entropy = (match) ->
+  if match.year < 100
+    entropy = lg(NUM_DAYS * NUM_MONTHS * 100) # two-digit year
+  else
+    entropy = lg(NUM_DAYS * NUM_MONTHS * NUM_YEARS) # four-digit year
+  if match.separator
+    entropy += 2 # add two bits for separator selection [/,-,.,etc]
+  entropy
+
+spatial_entropy = (match) ->
+  if match.graph in ['qwerty', 'dvorak']
+    s = KEYBOARD_STARTING_POSITIONS
+    d = KEYBOARD_AVERAGE_DEGREE
+  else
+    s = KEYPAD_STARTING_POSITIONS
+    d = KEYPAD_AVERAGE_DEGREE
+  possibilities = 0
+  L = match.token.length
+  t = match.turns
+  # estimate the number of possible patterns w/ length L or less with t turns or less.
+  for i in [2..L]
+    possible_turns = Math.min(t, i - 1)
+    for j in [1..possible_turns]
+      possibilities += nCk(i - 1, j - 1) * s * Math.pow(d, j)
+  entropy = lg possibilities
+  # add extra entropy for shifted keys. (% instead of 5, A instead of a.)
+  # math is similar to extra entropy from uppercase letters in dictionary matches.
+  if match.shifted_count
+    S = match.shifted_count
+    U = match.token.length - match.shifted_count # unshifted count
+    possibilities = 0
+    possibilities += nCk(S + U, i) for i in [0..Math.min(S, U)]
+    entropy += lg possibilities
+  entropy
+
+dictionary_entropy = (match) ->
+  match.base_entropy = lg match.rank # keep these as properties for display purposes
+  match.uppercase_entropy = extra_uppercase_entropy match
+  match.l33t_entropy = extra_l33t_entropy match
+  match.base_entropy + match.uppercase_entropy + match.l33t_entropy
+
+START_UPPER = /^[A-Z][^A-Z]+$/
+END_UPPER = /^[^A-Z]+[A-Z]$/
+ALL_UPPER = /^[^a-z]+$/
+ALL_LOWER = /^[^A-Z]+$/
+
+extra_uppercase_entropy = (match) ->
+  word = match.token
+  return 0 if word.match ALL_LOWER
+  # a capitalized word is the most common capitalization scheme,
+  # so it only doubles the search space (uncapitalized + capitalized): 1 extra bit of entropy.
+  # allcaps and end-capitalized are common enough too, underestimate as 1 extra bit to be safe.
+  for regex in [START_UPPER, END_UPPER, ALL_UPPER]
+    return 1 if word.match regex
+  # otherwise calculate the number of ways to capitalize U+L uppercase+lowercase letters with U uppercase letters or less.
+  # or, if there's more uppercase than lower (for e.g. PASSwORD), the number of ways to lowercase U+L letters with L lowercase letters or less.
+  U = (chr for chr in word.split('') when chr.match /[A-Z]/).length
+  L = (chr for chr in word.split('') when chr.match /[a-z]/).length
+  possibilities = 0
+  possibilities += nCk(U + L, i) for i in [0..Math.min(U, L)]
+  lg possibilities
+
+extra_l33t_entropy = (match) ->
+  return 0 if not match.l33t
+  possibilities = 0
+  for subbed, unsubbed of match.sub
+    S = (chr for chr in match.token.split('') when chr == subbed).length   # number of subbed characters.
+    U = (chr for chr in match.token.split('') when chr == unsubbed).length # number of unsubbed characters.
+    possibilities += nCk(U + S, i) for i in [0..Math.min(U, S)]
+  # corner: return 1 bit for single-letter subs, like 4pple -> apple, instead of 0.
+  lg(possibilities) or 1
+
+# utilities --------------------------------------------------------------------
+
+calc_bruteforce_cardinality = (password) ->
+  [lower, upper, digits, symbols] = [false, false, false, false]
+  for chr in password.split('')
+    ord = chr.charCodeAt(0)
+    if 0x30 <= ord <= 0x39
+      digits = true
+    else if 0x41 <= ord <= 0x5a
+      upper = true
+    else if 0x61 <= ord <= 0x7a
+      lower = true
+    else
+      symbols = true
+  c = 0
+  c += 10 if digits
+  c += 26 if upper
+  c += 26 if lower
+  c += 33 if symbols
+  c
+
+display_time = (seconds) ->
+  minute = 60
+  hour = minute * 60
+  day = hour * 24
+  month = day * 31
+  year = month * 12
+  century = year * 100
+  if seconds < minute
+    'instant'
+  else if seconds < hour
+    "#{1 + Math.ceil(seconds / minute)} minutes"
+  else if seconds < day
+    "#{1 + Math.ceil(seconds / hour)} hours"
+  else if seconds < month
+    "#{1 + Math.ceil(seconds / day)} days"
+  else if seconds < year
+    "#{1 + Math.ceil(seconds / month)} months"
+  else if seconds < century
+    "#{1 + Math.ceil(seconds / year)} years"
+  else
+    'centuries'

data/spec/support/js_source/scoring.js

@@ -0,0 +1,390 @@
+// Generated by CoffeeScript 1.3.3
+var ALL_LOWER, ALL_UPPER, END_UPPER, NUM_ATTACKERS, NUM_DAYS, NUM_MONTHS, NUM_YEARS, SECONDS_PER_GUESS, SINGLE_GUESS, START_UPPER, calc_bruteforce_cardinality, calc_entropy, crack_time_to_score, date_entropy, dictionary_entropy, digits_entropy, display_time, entropy_to_crack_time, extra_l33t_entropy, extra_uppercase_entropy, lg, minimum_entropy_match_sequence, nCk, repeat_entropy, round_to_x_digits, sequence_entropy, spatial_entropy, year_entropy;
+
+nCk = function(n, k) {
+  var d, r, _i;
+  if (k > n) {
+    return 0;
+  }
+  if (k === 0) {
+    return 1;
+  }
+  r = 1;
+  for (d = _i = 1; 1 <= k ? _i <= k : _i >= k; d = 1 <= k ? ++_i : --_i) {
+    r *= n;
+    r /= d;
+    n -= 1;
+  }
+  return r;
+};
+
+lg = function(n) {
+  return Math.log(n) / Math.log(2);
+};
+
+minimum_entropy_match_sequence = function(password, matches) {
+  var backpointers, bruteforce_cardinality, candidate_entropy, crack_time, i, j, k, make_bruteforce_match, match, match_sequence, match_sequence_copy, min_entropy, up_to_k, _i, _j, _k, _len, _len1, _ref, _ref1, _ref2;
+  bruteforce_cardinality = calc_bruteforce_cardinality(password);
+  up_to_k = [];
+  backpointers = [];
+  for (k = _i = 0, _ref = password.length; 0 <= _ref ? _i < _ref : _i > _ref; k = 0 <= _ref ? ++_i : --_i) {
+    up_to_k[k] = (up_to_k[k - 1] || 0) + lg(bruteforce_cardinality);
+    backpointers[k] = null;
+    for (_j = 0, _len = matches.length; _j < _len; _j++) {
+      match = matches[_j];
+      if (!(match.j === k)) {
+        continue;
+      }
+      _ref1 = [match.i, match.j], i = _ref1[0], j = _ref1[1];
+      candidate_entropy = (up_to_k[i - 1] || 0) + calc_entropy(match);
+      if (candidate_entropy < up_to_k[j]) {
+        up_to_k[j] = candidate_entropy;
+        backpointers[j] = match;
+      }
+    }
+  }
+  match_sequence = [];
+  k = password.length - 1;
+  while (k >= 0) {
+    match = backpointers[k];
+    if (match) {
+      match_sequence.push(match);
+      k = match.i - 1;
+    } else {
+      k -= 1;
+    }
+  }
+  match_sequence.reverse();
+  make_bruteforce_match = function(i, j) {
+    return {
+      pattern: 'bruteforce',
+      i: i,
+      j: j,
+      token: password.slice(i, j + 1 || 9e9),
+      entropy: lg(Math.pow(bruteforce_cardinality, j - i + 1)),
+      cardinality: bruteforce_cardinality
+    };
+  };
+  k = 0;
+  match_sequence_copy = [];
+  for (_k = 0, _len1 = match_sequence.length; _k < _len1; _k++) {
+    match = match_sequence[_k];
+    _ref2 = [match.i, match.j], i = _ref2[0], j = _ref2[1];
+    if (i - k > 0) {
+      match_sequence_copy.push(make_bruteforce_match(k, i - 1));
+    }
+    k = j + 1;
+    match_sequence_copy.push(match);
+  }
+  if (k < password.length) {
+    match_sequence_copy.push(make_bruteforce_match(k, password.length - 1));
+  }
+  match_sequence = match_sequence_copy;
+  min_entropy = up_to_k[password.length - 1] || 0;
+  crack_time = entropy_to_crack_time(min_entropy);
+  return {
+    password: password,
+    entropy: round_to_x_digits(min_entropy, 3),
+    match_sequence: match_sequence,
+    crack_time: round_to_x_digits(crack_time, 3),
+    crack_time_display: display_time(crack_time),
+    score: crack_time_to_score(crack_time)
+  };
+};
+
+round_to_x_digits = function(n, x) {
+  return Math.round(n * Math.pow(10, x)) / Math.pow(10, x);
+};
+
+SINGLE_GUESS = .010;
+
+NUM_ATTACKERS = 100;
+
+SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS;
+
+entropy_to_crack_time = function(entropy) {
+  return .5 * Math.pow(2, entropy) * SECONDS_PER_GUESS;
+};
+
+crack_time_to_score = function(seconds) {
+  if (seconds < Math.pow(10, 2)) {
+    return 0;
+  }
+  if (seconds < Math.pow(10, 4)) {
+    return 1;
+  }
+  if (seconds < Math.pow(10, 6)) {
+    return 2;
+  }
+  if (seconds < Math.pow(10, 8)) {
+    return 3;
+  }
+  return 4;
+};
+
+calc_entropy = function(match) {
+  var entropy_func;
+  if (match.entropy != null) {
+    return match.entropy;
+  }
+  entropy_func = (function() {
+    switch (match.pattern) {
+      case 'repeat':
+        return repeat_entropy;
+      case 'sequence':
+        return sequence_entropy;
+      case 'digits':
+        return digits_entropy;
+      case 'year':
+        return year_entropy;
+      case 'date':
+        return date_entropy;
+      case 'spatial':
+        return spatial_entropy;
+      case 'dictionary':
+        return dictionary_entropy;
+    }
+  })();
+  return match.entropy = entropy_func(match);
+};
+
+repeat_entropy = function(match) {
+  var cardinality;
+  cardinality = calc_bruteforce_cardinality(match.token);
+  return lg(cardinality * match.token.length);
+};
+
+sequence_entropy = function(match) {
+  var base_entropy, first_chr;
+  first_chr = match.token.charAt(0);
+  if (first_chr === 'a' || first_chr === '1') {
+    base_entropy = 1;
+  } else {
+    if (first_chr.match(/\d/)) {
+      base_entropy = lg(10);
+    } else if (first_chr.match(/[a-z]/)) {
+      base_entropy = lg(26);
+    } else {
+      base_entropy = lg(26) + 1;
+    }
+  }
+  if (!match.ascending) {
+    base_entropy += 1;
+  }
+  return base_entropy + lg(match.token.length);
+};
+
+digits_entropy = function(match) {
+  return lg(Math.pow(10, match.token.length));
+};
+
+NUM_YEARS = 119;
+
+NUM_MONTHS = 12;
+
+NUM_DAYS = 31;
+
+year_entropy = function(match) {
+  return lg(NUM_YEARS);
+};
+
+date_entropy = function(match) {
+  var entropy;
+  if (match.year < 100) {
+    entropy = lg(NUM_DAYS * NUM_MONTHS * 100);
+  } else {
+    entropy = lg(NUM_DAYS * NUM_MONTHS * NUM_YEARS);
+  }
+  if (match.separator) {
+    entropy += 2;
+  }
+  return entropy;
+};
+
+spatial_entropy = function(match) {
+  var L, S, U, d, entropy, i, j, possibilities, possible_turns, s, t, _i, _j, _k, _ref, _ref1;
+  if ((_ref = match.graph) === 'qwerty' || _ref === 'dvorak') {
+    s = KEYBOARD_STARTING_POSITIONS;
+    d = KEYBOARD_AVERAGE_DEGREE;
+  } else {
+    s = KEYPAD_STARTING_POSITIONS;
+    d = KEYPAD_AVERAGE_DEGREE;
+  }
+  possibilities = 0;
+  L = match.token.length;
+  t = match.turns;
+  for (i = _i = 2; 2 <= L ? _i <= L : _i >= L; i = 2 <= L ? ++_i : --_i) {
+    possible_turns = Math.min(t, i - 1);
+    for (j = _j = 1; 1 <= possible_turns ? _j <= possible_turns : _j >= possible_turns; j = 1 <= possible_turns ? ++_j : --_j) {
+      possibilities += nCk(i - 1, j - 1) * s * Math.pow(d, j);
+    }
+  }
+  entropy = lg(possibilities);
+  if (match.shifted_count) {
+    S = match.shifted_count;
+    U = match.token.length - match.shifted_count;
+    possibilities = 0;
+    for (i = _k = 0, _ref1 = Math.min(S, U); 0 <= _ref1 ? _k <= _ref1 : _k >= _ref1; i = 0 <= _ref1 ? ++_k : --_k) {
+      possibilities += nCk(S + U, i);
+    }
+    entropy += lg(possibilities);
+  }
+  return entropy;
+};
+
+dictionary_entropy = function(match) {
+  match.base_entropy = lg(match.rank);
+  match.uppercase_entropy = extra_uppercase_entropy(match);
+  match.l33t_entropy = extra_l33t_entropy(match);
+  return match.base_entropy + match.uppercase_entropy + match.l33t_entropy;
+};
+
+START_UPPER = /^[A-Z][^A-Z]+$/;
+
+END_UPPER = /^[^A-Z]+[A-Z]$/;
+
+ALL_UPPER = /^[^a-z]+$/;
+
+ALL_LOWER = /^[^A-Z]+$/;
+
+extra_uppercase_entropy = function(match) {
+  var L, U, chr, i, possibilities, regex, word, _i, _j, _len, _ref, _ref1;
+  word = match.token;
+  if (word.match(ALL_LOWER)) {
+    return 0;
+  }
+  _ref = [START_UPPER, END_UPPER, ALL_UPPER];
+  for (_i = 0, _len = _ref.length; _i < _len; _i++) {
+    regex = _ref[_i];
+    if (word.match(regex)) {
+      return 1;
+    }
+  }
+  U = ((function() {
+    var _j, _len1, _ref1, _results;
+    _ref1 = word.split('');
+    _results = [];
+    for (_j = 0, _len1 = _ref1.length; _j < _len1; _j++) {
+      chr = _ref1[_j];
+      if (chr.match(/[A-Z]/)) {
+        _results.push(chr);
+      }
+    }
+    return _results;
+  })()).length;
+  L = ((function() {
+    var _j, _len1, _ref1, _results;
+    _ref1 = word.split('');
+    _results = [];
+    for (_j = 0, _len1 = _ref1.length; _j < _len1; _j++) {
+      chr = _ref1[_j];
+      if (chr.match(/[a-z]/)) {
+        _results.push(chr);
+      }
+    }
+    return _results;
+  })()).length;
+  possibilities = 0;
+  for (i = _j = 0, _ref1 = Math.min(U, L); 0 <= _ref1 ? _j <= _ref1 : _j >= _ref1; i = 0 <= _ref1 ? ++_j : --_j) {
+    possibilities += nCk(U + L, i);
+  }
+  return lg(possibilities);
+};
+
+extra_l33t_entropy = function(match) {
+  var S, U, chr, i, possibilities, subbed, unsubbed, _i, _ref, _ref1;
+  if (!match.l33t) {
+    return 0;
+  }
+  possibilities = 0;
+  _ref = match.sub;
+  for (subbed in _ref) {
+    unsubbed = _ref[subbed];
+    S = ((function() {
+      var _i, _len, _ref1, _results;
+      _ref1 = match.token.split('');
+      _results = [];
+      for (_i = 0, _len = _ref1.length; _i < _len; _i++) {
+        chr = _ref1[_i];
+        if (chr === subbed) {
+          _results.push(chr);
+        }
+      }
+      return _results;
+    })()).length;
+    U = ((function() {
+      var _i, _len, _ref1, _results;
+      _ref1 = match.token.split('');
+      _results = [];
+      for (_i = 0, _len = _ref1.length; _i < _len; _i++) {
+        chr = _ref1[_i];
+        if (chr === unsubbed) {
+          _results.push(chr);
+        }
+      }
+      return _results;
+    })()).length;
+    for (i = _i = 0, _ref1 = Math.min(U, S); 0 <= _ref1 ? _i <= _ref1 : _i >= _ref1; i = 0 <= _ref1 ? ++_i : --_i) {
+      possibilities += nCk(U + S, i);
+    }
+  }
+  return lg(possibilities) || 1;
+};
+
+calc_bruteforce_cardinality = function(password) {
+  var c, chr, digits, lower, ord, symbols, upper, _i, _len, _ref, _ref1;
+  _ref = [false, false, false, false], lower = _ref[0], upper = _ref[1], digits = _ref[2], symbols = _ref[3];
+  _ref1 = password.split('');
+  for (_i = 0, _len = _ref1.length; _i < _len; _i++) {
+    chr = _ref1[_i];
+    ord = chr.charCodeAt(0);
+    if ((0x30 <= ord && ord <= 0x39)) {
+      digits = true;
+    } else if ((0x41 <= ord && ord <= 0x5a)) {
+      upper = true;
+    } else if ((0x61 <= ord && ord <= 0x7a)) {
+      lower = true;
+    } else {
+      symbols = true;
+    }
+  }
+  c = 0;
+  if (digits) {
+    c += 10;
+  }
+  if (upper) {
+    c += 26;
+  }
+  if (lower) {
+    c += 26;
+  }
+  if (symbols) {
+    c += 33;
+  }
+  return c;
+};
+
+display_time = function(seconds) {
+  var century, day, hour, minute, month, year;
+  minute = 60;
+  hour = minute * 60;
+  day = hour * 24;
+  month = day * 31;
+  year = month * 12;
+  century = year * 100;
+  if (seconds < minute) {
+    return 'instant';
+  } else if (seconds < hour) {
+    return "" + (1 + Math.ceil(seconds / minute)) + " minutes";
+  } else if (seconds < day) {
+    return "" + (1 + Math.ceil(seconds / hour)) + " hours";
+  } else if (seconds < month) {
+    return "" + (1 + Math.ceil(seconds / day)) + " days";
+  } else if (seconds < year) {
+    return "" + (1 + Math.ceil(seconds / month)) + " months";
+  } else if (seconds < century) {
+    return "" + (1 + Math.ceil(seconds / year)) + " years";
+  } else {
+    return 'centuries';
+  }
+};