RubyGems - zxcvbn-ruby - Versions diffs - 0.0.3 → 1.1.0 - Mend

zxcvbn-ruby 0.0.3 → 1.1.0

Files changed (51) hide show

checksums.yaml +7 -0
data/.travis.yml +12 -0
data/CHANGELOG.md +42 -0
data/CODE_OF_CONDUCT.md +130 -0
data/Gemfile +8 -1
data/Guardfile +26 -0
data/{LICENSE → LICENSE.txt} +0 -0
data/README.md +165 -9
data/Rakefile +5 -1
data/lib/zxcvbn.rb +10 -36
data/lib/zxcvbn/crack_time.rb +44 -42
data/lib/zxcvbn/data.rb +29 -0
data/lib/zxcvbn/dictionary_ranker.rb +0 -2
data/lib/zxcvbn/entropy.rb +3 -1
data/lib/zxcvbn/feedback.rb +10 -0
data/lib/zxcvbn/feedback_giver.rb +133 -0
data/lib/zxcvbn/matchers/date.rb +2 -0
data/lib/zxcvbn/matchers/dictionary.rb +2 -0
data/lib/zxcvbn/matchers/digits.rb +2 -0
data/lib/zxcvbn/matchers/l33t.rb +2 -2
data/lib/zxcvbn/matchers/regex_helpers.rb +2 -0
data/lib/zxcvbn/matchers/repeat.rb +2 -0
data/lib/zxcvbn/matchers/sequences.rb +2 -0
data/lib/zxcvbn/matchers/spatial.rb +2 -0
data/lib/zxcvbn/matchers/year.rb +2 -0
data/lib/zxcvbn/math.rb +2 -2
data/lib/zxcvbn/omnimatch.rb +14 -3
data/lib/zxcvbn/password_strength.rb +7 -3
data/lib/zxcvbn/score.rb +1 -1
data/lib/zxcvbn/scorer.rb +11 -0
data/lib/zxcvbn/tester.rb +43 -0
data/lib/zxcvbn/version.rb +1 -1
data/spec/dictionary_ranker_spec.rb +2 -2
data/spec/feedback_giver_spec.rb +212 -0
data/spec/matchers/date_spec.rb +8 -8
data/spec/matchers/dictionary_spec.rb +25 -14
data/spec/matchers/digits_spec.rb +3 -3
data/spec/matchers/l33t_spec.rb +15 -13
data/spec/matchers/repeat_spec.rb +6 -6
data/spec/matchers/sequences_spec.rb +5 -5
data/spec/matchers/spatial_spec.rb +8 -8
data/spec/matchers/year_spec.rb +3 -3
data/spec/omnimatch_spec.rb +2 -2
data/spec/scoring/crack_time_spec.rb +13 -13
data/spec/scoring/entropy_spec.rb +28 -25
data/spec/scoring/math_spec.rb +22 -18
data/spec/support/matcher.rb +1 -1
data/spec/tester_spec.rb +99 -0
data/spec/zxcvbn_spec.rb +14 -39
data/zxcvbn-ruby.gemspec +11 -0
metadata +34 -29

@@ -1,51 +1,53 @@
-module Zxcvbn::CrackTime
-  SINGLE_GUESS = 0.010
-  NUM_ATTACKERS = 100
+module Zxcvbn
+  module CrackTime
+    SINGLE_GUESS = 0.010
+    NUM_ATTACKERS = 100
-  SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS
+    SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS
-  def entropy_to_crack_time(entropy)
-    0.5 * (2 ** entropy) * SECONDS_PER_GUESS
-  end
+    def entropy_to_crack_time(entropy)
+      0.5 * (2 ** entropy) * SECONDS_PER_GUESS
+    end
-  def crack_time_to_score(seconds)
-    case
-    when seconds < 10**2
-      0
-    when seconds < 10**4
-      1
-    when seconds < 10**6
-      2
-    when seconds < 10**8
-      3
-    else
-      4
+    def crack_time_to_score(seconds)
+      case
+      when seconds < 10**2
+        0
+      when seconds < 10**4
+        1
+      when seconds < 10**6
+        2
+      when seconds < 10**8
+        3
+      else
+        4
+      end
     end
-  end
-  def display_time(seconds)
-    minute  = 60
-    hour    = minute * 60
-    day     = hour * 24
-    month   = day * 31
-    year    = month * 12
-    century = year * 100
+    def display_time(seconds)
+      minute  = 60
+      hour    = minute * 60
+      day     = hour * 24
+      month   = day * 31
+      year    = month * 12
+      century = year * 100
-    case
-    when seconds < minute
-      'instant'
-    when seconds < hour
-      "#{1 + (seconds / minute).ceil} minutes"
-    when seconds < day
-      "#{1 + (seconds / hour).ceil} hours"
-    when seconds < month
-      "#{1 + (seconds / day).ceil} days"
-    when seconds < year
-      "#{1 + (seconds / month).ceil} months"
-    when seconds < century
-      "#{1 + (seconds / year).ceil} years"
-    else
-      'centuries'
+      case
+      when seconds < minute
+        'instant'
+      when seconds < hour
+        "#{1 + (seconds / minute).ceil} minutes"
+      when seconds < day
+        "#{1 + (seconds / hour).ceil} hours"
+      when seconds < month
+        "#{1 + (seconds / day).ceil} days"
+      when seconds < year
+        "#{1 + (seconds / month).ceil} months"
+      when seconds < century
+        "#{1 + (seconds / year).ceil} years"
+      else
+        'centuries'
+      end
     end
   end
 end

data/lib/zxcvbn/data.rb ADDED

@@ -0,0 +1,29 @@
+require 'json'
+require 'zxcvbn/dictionary_ranker'
+module Zxcvbn
+  class Data
+    def initialize
+      @ranked_dictionaries = DictionaryRanker.rank_dictionaries(
+        "english" =>      read_word_list("english.txt"),
+        "female_names" => read_word_list("female_names.txt"),
+        "male_names" =>   read_word_list("male_names.txt"),
+        "passwords" =>    read_word_list("passwords.txt"),
+        "surnames" =>     read_word_list("surnames.txt")
+      )
+      @adjacency_graphs = JSON.load(DATA_PATH.join('adjacency_graphs.json').read)
+    end
+    attr_reader :ranked_dictionaries, :adjacency_graphs
+    def add_word_list(name, list)
+      @ranked_dictionaries[name] = DictionaryRanker.rank_dictionary(list)
+    end
+    private
+    def read_word_list(file)
+      DATA_PATH.join("frequency_lists", file).read.split
+    end
+  end
+end

data/lib/zxcvbn/dictionary_ranker.rb CHANGED

@@ -1,5 +1,3 @@
-# encoding: utf-8
 module Zxcvbn
   class DictionaryRanker
     def self.rank_dictionaries(lists)

data/lib/zxcvbn/entropy.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/math'
 module Zxcvbn::Entropy
   include Zxcvbn::Math
@@ -127,7 +129,7 @@ module Zxcvbn::Entropy
     # estimate the ngpumber of possible patterns w/ token length or less with number of turns or less.
     (2..token_length).each do |i|
-      possible_turns = [turns, i -1].min
+      possible_turns = [turns, i - 1].min
       (1..possible_turns).each do |j|
         possibilities += nCk(i - 1, j - 1) * starting_positions * average_degree ** j
       end

data/lib/zxcvbn/feedback.rb ADDED

@@ -0,0 +1,10 @@
+module Zxcvbn
+  class Feedback
+    attr_accessor :warning, :suggestions
+    def initialize(options = {})
+      @warning     = options[:warning]
+      @suggestions = options[:suggestions] || []
+    end
+  end
+end

data/lib/zxcvbn/feedback_giver.rb ADDED

@@ -0,0 +1,133 @@
+require 'zxcvbn/entropy'
+require 'zxcvbn/feedback'
+module Zxcvbn
+  class FeedbackGiver
+    NAME_DICTIONARIES = %w[surnames male_names female_names].freeze
+    DEFAULT_FEEDBACK = Feedback.new(
+      suggestions: [
+        'Use a few words, avoid common phrases',
+        'No need for symbols, digits, or uppercase letters'
+      ]
+    ).freeze
+    EMPTY_FEEDBACK = Feedback.new.freeze
+    def self.get_feedback(score, sequence)
+      # starting feedback
+      return DEFAULT_FEEDBACK if sequence.length.zero?
+      # no feedback if score is good or great.
+      return EMPTY_FEEDBACK if score > 2
+      # tie feedback to the longest match for longer sequences
+      longest_match = sequence[0]
+      for match in sequence[1..-1]
+        longest_match = match if match.token.length > longest_match.token.length
+      end
+      feedback = get_match_feedback(longest_match, sequence.length == 1)
+      extra_feedback = 'Add another word or two. Uncommon words are better.'
+      if feedback.nil?
+        feedback = Feedback.new(suggestions: [extra_feedback])
+      else
+        feedback.suggestions.unshift extra_feedback
+      end
+      feedback
+    end
+    def self.get_match_feedback(match, is_sole_match)
+      case match.pattern
+      when 'dictionary'
+        get_dictionary_match_feedback match, is_sole_match
+      when 'spatial'
+        layout = match.graph.upcase
+        warning = if match.turns == 1
+                    'Straight rows of keys are easy to guess'
+                  else
+                    'Short keyboard patterns are easy to guess'
+                  end
+        Feedback.new(
+          warning: warning,
+          suggestions: [
+            'Use a longer keyboard pattern with more turns'
+          ]
+        )
+      when 'repeat'
+        Feedback.new(
+          warning: 'Repeats like "aaa" are easy to guess',
+          suggestions: [
+            'Avoid repeated words and characters'
+          ]
+        )
+      when 'sequence'
+        Feedback.new(
+          warning: 'Sequences like abc or 6543 are easy to guess',
+          suggestions: [
+            'Avoid sequences'
+          ]
+        )
+      when 'date'
+        Feedback.new(
+          warning: 'Dates are often easy to guess',
+          suggestions: [
+            'Avoid dates and years that are associated with you'
+          ]
+        )
+      end
+    end
+    def self.get_dictionary_match_feedback(match, is_sole_match)
+      warning = if match.dictionary_name == 'passwords'
+                  if is_sole_match && !match.l33t && !match.reversed
+                    if match.rank <= 10
+                      'This is a top-10 common password'
+                    elsif match.rank <= 100
+                      'This is a top-100 common password'
+                    else
+                      'This is a very common password'
+                    end
+                  else
+                    'This is similar to a commonly used password'
+                  end
+                elsif NAME_DICTIONARIES.include? match.dictionary_name
+                  if is_sole_match
+                    'Names and surnames by themselves are easy to guess'
+                  else
+                    'Common names and surnames are easy to guess'
+                  end
+                end
+      suggestions = []
+      word = match.token
+      if word =~ Zxcvbn::Entropy::START_UPPER
+        suggestions.push "Capitalization doesn't help very much"
+      elsif word =~ Zxcvbn::Entropy::ALL_UPPER && word.downcase != word
+        suggestions.push(
+          'All-uppercase is almost as easy to guess as all-lowercase'
+        )
+      end
+      if match.l33t
+        suggestions.push(
+          "Predictable substitutions like '@' instead of 'a' \
+don't help very much"
+        )
+      end
+      Feedback.new(
+        warning: warning,
+        suggestions: suggestions
+      )
+    end
+  end
+end

data/lib/zxcvbn/matchers/date.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/matchers/regex_helpers'
 module Zxcvbn
   module Matchers
     class Date

data/lib/zxcvbn/matchers/dictionary.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     # Given a password and a dictionary, match on any sequential segment of

data/lib/zxcvbn/matchers/digits.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/matchers/regex_helpers'
 module Zxcvbn
   module Matchers
     class Digits

data/lib/zxcvbn/matchers/l33t.rb CHANGED

@@ -31,8 +31,8 @@ module Zxcvbn
               token = password[match.i..match.j]
               next if token.downcase == match.matched_word.downcase
               match_substitutions = {}
-              substitution.each do |substitution, letter|
-                match_substitutions[substitution] = letter if token.include?(substitution)
+              substitution.each do |s, letter|
+                match_substitutions[s] = letter if token.include?(s)
               end
               match.l33t = true
               match.token = password[match.i..match.j]

data/lib/zxcvbn/matchers/regex_helpers.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     module RegexHelpers

data/lib/zxcvbn/matchers/repeat.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     class Repeat

data/lib/zxcvbn/matchers/sequences.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     class Sequences

data/lib/zxcvbn/matchers/spatial.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     class Spatial

data/lib/zxcvbn/matchers/year.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/matchers/regex_helpers'
 module Zxcvbn
   module Matchers
     class Year

data/lib/zxcvbn/math.rb CHANGED

@@ -41,14 +41,14 @@ module Zxcvbn
     end
     def average_degree_for_graph(graph_name)
-      graph = Zxcvbn::ADJACENCY_GRAPHS[graph_name]
+      graph = data.adjacency_graphs[graph_name]
       degrees = graph.map { |_, neighbors| neighbors.compact.size }
       sum = degrees.inject(0, :+)
       sum.to_f / graph.size
     end
     def starting_positions_for_graph(graph_name)
-      Zxcvbn::ADJACENCY_GRAPHS[graph_name].length
+      data.adjacency_graphs[graph_name].length
     end
   end
 end

data/lib/zxcvbn/omnimatch.rb CHANGED

@@ -1,6 +1,17 @@
+require 'zxcvbn/dictionary_ranker'
+require 'zxcvbn/matchers/dictionary'
+require 'zxcvbn/matchers/l33t'
+require 'zxcvbn/matchers/spatial'
+require 'zxcvbn/matchers/digits'
+require 'zxcvbn/matchers/repeat'
+require 'zxcvbn/matchers/sequences'
+require 'zxcvbn/matchers/year'
+require 'zxcvbn/matchers/date'
 module Zxcvbn
   class Omnimatch
-    def initialize
+    def initialize(data)
+      @data = data
       @matchers = build_matchers
     end
@@ -24,14 +35,14 @@ module Zxcvbn
     def build_matchers
       matchers = []
-      dictionary_matchers = RANKED_DICTIONARIES.map do |name, dictionary|
+      dictionary_matchers = @data.ranked_dictionaries.map do |name, dictionary|
         Matchers::Dictionary.new(name, dictionary)
       end
       l33t_matcher = Matchers::L33t.new(dictionary_matchers)
       matchers += dictionary_matchers
       matchers += [
         l33t_matcher,
-        Matchers::Spatial.new(ADJACENCY_GRAPHS),
+        Matchers::Spatial.new(@data.adjacency_graphs),
         Matchers::Digits.new,
         Matchers::Repeat.new,
         Matchers::Sequences.new,

data/lib/zxcvbn/password_strength.rb CHANGED

@@ -1,10 +1,13 @@
 require 'benchmark'
+require 'zxcvbn/feedback_giver'
+require 'zxcvbn/omnimatch'
+require 'zxcvbn/scorer'
 module Zxcvbn
   class PasswordStrength
-    def initialize
-      @omnimatch = Omnimatch.new
-      @scorer = Scorer.new
+    def initialize(data)
+      @omnimatch = Omnimatch.new(data)
+      @scorer = Scorer.new(data)
     end
     def test(password, user_inputs = [])
@@ -15,6 +18,7 @@ module Zxcvbn
         result = @scorer.minimum_entropy_match_sequence(password, matches)
       end
       result.calc_time = calc_time
+      result.feedback = FeedbackGiver.get_feedback(result.score, result.match_sequence)
       result
     end
   end

data/lib/zxcvbn/score.rb CHANGED

@@ -1,7 +1,7 @@
 module Zxcvbn
   class Score
     attr_accessor :entropy, :crack_time, :crack_time_display, :score, :pattern,
-                  :match_sequence, :password, :calc_time
+                  :match_sequence, :password, :calc_time, :feedback
     def initialize(options = {})
       @entropy            = options[:entropy]