RubyGems - zxcvbn-ruby - Versions diffs - 0.0.3 → 1.1.0 - Mend

zxcvbn-ruby 0.0.3 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

checksums.yaml +7 -0
data/.travis.yml +12 -0
data/CHANGELOG.md +42 -0
data/CODE_OF_CONDUCT.md +130 -0
data/Gemfile +8 -1
data/Guardfile +26 -0
data/{LICENSE → LICENSE.txt} +0 -0
data/README.md +165 -9
data/Rakefile +5 -1
data/lib/zxcvbn.rb +10 -36
data/lib/zxcvbn/crack_time.rb +44 -42
data/lib/zxcvbn/data.rb +29 -0
data/lib/zxcvbn/dictionary_ranker.rb +0 -2
data/lib/zxcvbn/entropy.rb +3 -1
data/lib/zxcvbn/feedback.rb +10 -0
data/lib/zxcvbn/feedback_giver.rb +133 -0
data/lib/zxcvbn/matchers/date.rb +2 -0
data/lib/zxcvbn/matchers/dictionary.rb +2 -0
data/lib/zxcvbn/matchers/digits.rb +2 -0
data/lib/zxcvbn/matchers/l33t.rb +2 -2
data/lib/zxcvbn/matchers/regex_helpers.rb +2 -0
data/lib/zxcvbn/matchers/repeat.rb +2 -0
data/lib/zxcvbn/matchers/sequences.rb +2 -0
data/lib/zxcvbn/matchers/spatial.rb +2 -0
data/lib/zxcvbn/matchers/year.rb +2 -0
data/lib/zxcvbn/math.rb +2 -2
data/lib/zxcvbn/omnimatch.rb +14 -3
data/lib/zxcvbn/password_strength.rb +7 -3
data/lib/zxcvbn/score.rb +1 -1
data/lib/zxcvbn/scorer.rb +11 -0
data/lib/zxcvbn/tester.rb +43 -0
data/lib/zxcvbn/version.rb +1 -1
data/spec/dictionary_ranker_spec.rb +2 -2
data/spec/feedback_giver_spec.rb +212 -0
data/spec/matchers/date_spec.rb +8 -8
data/spec/matchers/dictionary_spec.rb +25 -14
data/spec/matchers/digits_spec.rb +3 -3
data/spec/matchers/l33t_spec.rb +15 -13
data/spec/matchers/repeat_spec.rb +6 -6
data/spec/matchers/sequences_spec.rb +5 -5
data/spec/matchers/spatial_spec.rb +8 -8
data/spec/matchers/year_spec.rb +3 -3
data/spec/omnimatch_spec.rb +2 -2
data/spec/scoring/crack_time_spec.rb +13 -13
data/spec/scoring/entropy_spec.rb +28 -25
data/spec/scoring/math_spec.rb +22 -18
data/spec/support/matcher.rb +1 -1
data/spec/tester_spec.rb +99 -0
data/spec/zxcvbn_spec.rb +14 -39
data/zxcvbn-ruby.gemspec +11 -0
metadata +34 -29

data/lib/zxcvbn/crack_time.rb CHANGED

@@ -1,51 +1,53 @@
-module Zxcvbn::CrackTime
-  SINGLE_GUESS = 0.010
-  NUM_ATTACKERS = 100
+module Zxcvbn
+  module CrackTime
+    SINGLE_GUESS = 0.010
+    NUM_ATTACKERS = 100
-  SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS
+    SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS
-  def entropy_to_crack_time(entropy)
-    0.5 * (2 ** entropy) * SECONDS_PER_GUESS
-  end
+    def entropy_to_crack_time(entropy)
+      0.5 * (2 ** entropy) * SECONDS_PER_GUESS
+    end
-  def crack_time_to_score(seconds)
-    case
-    when seconds < 10**2
-      0
-    when seconds < 10**4
-      1
-    when seconds < 10**6
-      2
-    when seconds < 10**8
-      3
-    else
-      4
+    def crack_time_to_score(seconds)
+      case
+      when seconds < 10**2
+        0
+      when seconds < 10**4
+        1
+      when seconds < 10**6
+        2
+      when seconds < 10**8
+        3
+      else
+        4
+      end
     end
-  end
-  def display_time(seconds)
-    minute  = 60
-    hour    = minute * 60
-    day     = hour * 24
-    month   = day * 31
-    year    = month * 12
-    century = year * 100
+    def display_time(seconds)
+      minute  = 60
+      hour    = minute * 60
+      day     = hour * 24
+      month   = day * 31
+      year    = month * 12
+      century = year * 100
-    case
-    when seconds < minute
-      'instant'
-    when seconds < hour
-      "#{1 + (seconds / minute).ceil} minutes"
-    when seconds < day
-      "#{1 + (seconds / hour).ceil} hours"
-    when seconds < month
-      "#{1 + (seconds / day).ceil} days"
-    when seconds < year
-      "#{1 + (seconds / month).ceil} months"
-    when seconds < century
-      "#{1 + (seconds / year).ceil} years"
-    else
-      'centuries'
+      case
+      when seconds < minute
+        'instant'
+      when seconds < hour
+        "#{1 + (seconds / minute).ceil} minutes"
+      when seconds < day
+        "#{1 + (seconds / hour).ceil} hours"
+      when seconds < month
+        "#{1 + (seconds / day).ceil} days"
+      when seconds < year
+        "#{1 + (seconds / month).ceil} months"
+      when seconds < century
+        "#{1 + (seconds / year).ceil} years"
+      else
+        'centuries'
+      end
     end
   end
 end

data/lib/zxcvbn/data.rb ADDED

@@ -0,0 +1,29 @@
+require 'json'
+require 'zxcvbn/dictionary_ranker'
+module Zxcvbn
+  class Data
+    def initialize
+      @ranked_dictionaries = DictionaryRanker.rank_dictionaries(
+        "english" =>      read_word_list("english.txt"),
+        "female_names" => read_word_list("female_names.txt"),
+        "male_names" =>   read_word_list("male_names.txt"),
+        "passwords" =>    read_word_list("passwords.txt"),
+        "surnames" =>     read_word_list("surnames.txt")
+      )
+      @adjacency_graphs = JSON.load(DATA_PATH.join('adjacency_graphs.json').read)
+    end
+    attr_reader :ranked_dictionaries, :adjacency_graphs
+    def add_word_list(name, list)
+      @ranked_dictionaries[name] = DictionaryRanker.rank_dictionary(list)
+    end
+    private
+    def read_word_list(file)
+      DATA_PATH.join("frequency_lists", file).read.split
+    end
+  end
+end

data/lib/zxcvbn/dictionary_ranker.rb CHANGED

@@ -1,5 +1,3 @@
-# encoding: utf-8
 module Zxcvbn
   class DictionaryRanker
     def self.rank_dictionaries(lists)

data/lib/zxcvbn/entropy.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/math'
 module Zxcvbn::Entropy
   include Zxcvbn::Math
@@ -127,7 +129,7 @@ module Zxcvbn::Entropy
     # estimate the ngpumber of possible patterns w/ token length or less with number of turns or less.
     (2..token_length).each do |i|
-      possible_turns = [turns, i -1].min
+      possible_turns = [turns, i - 1].min
       (1..possible_turns).each do |j|
         possibilities += nCk(i - 1, j - 1) * starting_positions * average_degree ** j
       end

data/lib/zxcvbn/feedback.rb ADDED

@@ -0,0 +1,10 @@
+module Zxcvbn
+  class Feedback
+    attr_accessor :warning, :suggestions
+    def initialize(options = {})
+      @warning     = options[:warning]
+      @suggestions = options[:suggestions] || []
+    end
+  end
+end

data/lib/zxcvbn/feedback_giver.rb ADDED

@@ -0,0 +1,133 @@
+require 'zxcvbn/entropy'
+require 'zxcvbn/feedback'
+module Zxcvbn
+  class FeedbackGiver
+    NAME_DICTIONARIES = %w[surnames male_names female_names].freeze
+    DEFAULT_FEEDBACK = Feedback.new(
+      suggestions: [
+        'Use a few words, avoid common phrases',
+        'No need for symbols, digits, or uppercase letters'
+      ]
+    ).freeze
+    EMPTY_FEEDBACK = Feedback.new.freeze
+    def self.get_feedback(score, sequence)
+      # starting feedback
+      return DEFAULT_FEEDBACK if sequence.length.zero?
+      # no feedback if score is good or great.
+      return EMPTY_FEEDBACK if score > 2
+      # tie feedback to the longest match for longer sequences
+      longest_match = sequence[0]
+      for match in sequence[1..-1]
+        longest_match = match if match.token.length > longest_match.token.length
+      end
+      feedback = get_match_feedback(longest_match, sequence.length == 1)
+      extra_feedback = 'Add another word or two. Uncommon words are better.'
+      if feedback.nil?
+        feedback = Feedback.new(suggestions: [extra_feedback])
+      else
+        feedback.suggestions.unshift extra_feedback
+      end
+      feedback
+    end
+    def self.get_match_feedback(match, is_sole_match)
+      case match.pattern
+      when 'dictionary'
+        get_dictionary_match_feedback match, is_sole_match
+      when 'spatial'
+        layout = match.graph.upcase
+        warning = if match.turns == 1
+                    'Straight rows of keys are easy to guess'
+                  else
+                    'Short keyboard patterns are easy to guess'
+                  end
+        Feedback.new(
+          warning: warning,
+          suggestions: [
+            'Use a longer keyboard pattern with more turns'
+          ]
+        )
+      when 'repeat'
+        Feedback.new(
+          warning: 'Repeats like "aaa" are easy to guess',
+          suggestions: [
+            'Avoid repeated words and characters'
+          ]
+        )
+      when 'sequence'
+        Feedback.new(
+          warning: 'Sequences like abc or 6543 are easy to guess',
+          suggestions: [
+            'Avoid sequences'
+          ]
+        )
+      when 'date'
+        Feedback.new(
+          warning: 'Dates are often easy to guess',
+          suggestions: [
+            'Avoid dates and years that are associated with you'
+          ]
+        )
+      end
+    end
+    def self.get_dictionary_match_feedback(match, is_sole_match)
+      warning = if match.dictionary_name == 'passwords'
+                  if is_sole_match && !match.l33t && !match.reversed
+                    if match.rank <= 10
+                      'This is a top-10 common password'
+                    elsif match.rank <= 100
+                      'This is a top-100 common password'
+                    else
+                      'This is a very common password'
+                    end
+                  else
+                    'This is similar to a commonly used password'
+                  end
+                elsif NAME_DICTIONARIES.include? match.dictionary_name
+                  if is_sole_match
+                    'Names and surnames by themselves are easy to guess'
+                  else
+                    'Common names and surnames are easy to guess'
+                  end
+                end
+      suggestions = []
+      word = match.token
+      if word =~ Zxcvbn::Entropy::START_UPPER
+        suggestions.push "Capitalization doesn't help very much"
+      elsif word =~ Zxcvbn::Entropy::ALL_UPPER && word.downcase != word
+        suggestions.push(
+          'All-uppercase is almost as easy to guess as all-lowercase'
+        )
+      end
+      if match.l33t
+        suggestions.push(
+          "Predictable substitutions like '@' instead of 'a' \
+don't help very much"
+        )
+      end
+      Feedback.new(
+        warning: warning,
+        suggestions: suggestions
+      )
+    end
+  end
+end

data/lib/zxcvbn/matchers/date.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/matchers/regex_helpers'
 module Zxcvbn
   module Matchers
     class Date

data/lib/zxcvbn/matchers/dictionary.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     # Given a password and a dictionary, match on any sequential segment of

data/lib/zxcvbn/matchers/digits.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/matchers/regex_helpers'
 module Zxcvbn
   module Matchers
     class Digits

data/lib/zxcvbn/matchers/l33t.rb CHANGED

@@ -31,8 +31,8 @@ module Zxcvbn
               token = password[match.i..match.j]
               next if token.downcase == match.matched_word.downcase
               match_substitutions = {}
-              substitution.each do |substitution, letter|
-                match_substitutions[substitution] = letter if token.include?(substitution)
+              substitution.each do |s, letter|
+                match_substitutions[s] = letter if token.include?(s)
               end
               match.l33t = true
               match.token = password[match.i..match.j]

data/lib/zxcvbn/matchers/regex_helpers.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     module RegexHelpers

data/lib/zxcvbn/matchers/repeat.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     class Repeat

data/lib/zxcvbn/matchers/sequences.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     class Sequences

data/lib/zxcvbn/matchers/spatial.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/match'
 module Zxcvbn
   module Matchers
     class Spatial

data/lib/zxcvbn/matchers/year.rb CHANGED

@@ -1,3 +1,5 @@
+require 'zxcvbn/matchers/regex_helpers'
 module Zxcvbn
   module Matchers
     class Year

data/lib/zxcvbn/math.rb CHANGED

@@ -41,14 +41,14 @@ module Zxcvbn
     end
     def average_degree_for_graph(graph_name)
-      graph = Zxcvbn::ADJACENCY_GRAPHS[graph_name]
+      graph = data.adjacency_graphs[graph_name]
       degrees = graph.map { |_, neighbors| neighbors.compact.size }
       sum = degrees.inject(0, :+)
       sum.to_f / graph.size
     end
     def starting_positions_for_graph(graph_name)
-      Zxcvbn::ADJACENCY_GRAPHS[graph_name].length
+      data.adjacency_graphs[graph_name].length
     end
   end
 end

data/lib/zxcvbn/omnimatch.rb CHANGED

@@ -1,6 +1,17 @@
+require 'zxcvbn/dictionary_ranker'
+require 'zxcvbn/matchers/dictionary'
+require 'zxcvbn/matchers/l33t'
+require 'zxcvbn/matchers/spatial'
+require 'zxcvbn/matchers/digits'
+require 'zxcvbn/matchers/repeat'
+require 'zxcvbn/matchers/sequences'
+require 'zxcvbn/matchers/year'
+require 'zxcvbn/matchers/date'
 module Zxcvbn
   class Omnimatch
-    def initialize
+    def initialize(data)
+      @data = data
       @matchers = build_matchers
     end
@@ -24,14 +35,14 @@ module Zxcvbn
     def build_matchers
       matchers = []
-      dictionary_matchers = RANKED_DICTIONARIES.map do |name, dictionary|
+      dictionary_matchers = @data.ranked_dictionaries.map do |name, dictionary|
         Matchers::Dictionary.new(name, dictionary)
       end
       l33t_matcher = Matchers::L33t.new(dictionary_matchers)
       matchers += dictionary_matchers
       matchers += [
         l33t_matcher,
-        Matchers::Spatial.new(ADJACENCY_GRAPHS),
+        Matchers::Spatial.new(@data.adjacency_graphs),
         Matchers::Digits.new,
         Matchers::Repeat.new,
         Matchers::Sequences.new,

data/lib/zxcvbn/password_strength.rb CHANGED

@@ -1,10 +1,13 @@
 require 'benchmark'
+require 'zxcvbn/feedback_giver'
+require 'zxcvbn/omnimatch'
+require 'zxcvbn/scorer'
 module Zxcvbn
   class PasswordStrength
-    def initialize
-      @omnimatch = Omnimatch.new
-      @scorer = Scorer.new
+    def initialize(data)
+      @omnimatch = Omnimatch.new(data)
+      @scorer = Scorer.new(data)
     end
     def test(password, user_inputs = [])
@@ -15,6 +18,7 @@ module Zxcvbn
         result = @scorer.minimum_entropy_match_sequence(password, matches)
       end
       result.calc_time = calc_time
+      result.feedback = FeedbackGiver.get_feedback(result.score, result.match_sequence)
       result
     end
   end

data/lib/zxcvbn/score.rb CHANGED

@@ -1,7 +1,7 @@
 module Zxcvbn
   class Score
     attr_accessor :entropy, :crack_time, :crack_time_display, :score, :pattern,
-                  :match_sequence, :password, :calc_time
+                  :match_sequence, :password, :calc_time, :feedback
     def initialize(options = {})
       @entropy            = options[:entropy]