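/**
 * Estimates how guessable {@code password} is and returns the populated result.
 *
 * <p>Each non-null entry of {@code sanitizedInputs} is lower-cased and passed to
 * {@code createMatching}, so words supplied by the caller can be taken into account
 * when the password is matched.
 *
 * @param password the candidate password; must not be {@code null}
 * @param sanitizedInputs extra caller-supplied words; may be {@code null} or empty, and
 *     {@code null} entries are ignored
 * @return the {@link Strength} with guesses, calculation time, crack-time estimates,
 *     score and feedback set
 * @throws IllegalArgumentException if {@code password} is {@code null}
 */
public Strength measure(String password, List<String> sanitizedInputs) {
    if (password == null) {
        throw new IllegalArgumentException("Password is null.");
    }

    List<String> lowerSanitizedInputs;
    if (sanitizedInputs != null && !sanitizedInputs.isEmpty()) {
        lowerSanitizedInputs = new ArrayList<>(sanitizedInputs.size());
        for (String sanitizedInput : sanitizedInputs) {
            // The list itself is null-checked above, but a null entry used to fail here
            // with a NullPointerException. A null word carries no information, so it is
            // left out rather than aborting the whole strength check.
            if (sanitizedInput != null) {
                // NOTE(review): toLowerCase() follows the JVM default locale. Left as is
                // because it has to agree with however the matchers lower-case the
                // password, which is not visible here. Confirm before pinning a locale.
                lowerSanitizedInputs.add(sanitizedInput.toLowerCase());
            }
        }
    } else {
        lowerSanitizedInputs = Collections.emptyList();
    }

    // Only matching and scoring are timed; the estimates and feedback below are not.
    long start = time();
    Matching matching = createMatching(lowerSanitizedInputs);
    List<Match> matches = matching.omnimatch(password);
    Strength strength = Scoring.mostGuessableMatchSequence(password, matches);
    strength.setCalcTime(time() - start);

    // Crack times and the score are both derived from the guess count.
    AttackTimes attackTimes = TimeEstimates.estimateAttackTimes(strength.getGuesses());
    strength.setCrackTimeSeconds(attackTimes.getCrackTimeSeconds());
    strength.setCrackTimesDisplay(attackTimes.getCrackTimesDisplay());
    strength.setScore(attackTimes.getScore());
    strength.setFeedback(Feedback.getFeedback(strength.getScore(), strength.getSequence()));
    return strength;
}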
// Excerpt from the end of a scoring method: builds the Strength result that is returned.
// optimal, n and optimalMatchSequence are defined earlier in the method, outside this view.
Integer optimalL = optimalMatchSequence.size();
// An empty password counts as exactly one guess. Otherwise the guess count is looked up
// at position n - 1, under optimalL (the length of the chosen match sequence).
// NOTE(review): presumably n is the password length; confirm against the enclosing method.
double guesses = password.length() == 0 ? 1 : optimal.g.get(n - 1).get(optimalL);
Strength strength = new Strength();
// NOTE(review): the result object is handed the password itself. Presumably it keeps a
// reference, in which case a returned Strength should be treated as sensitive (not
// logged, serialized or cached). Confirm what Strength does with the value.
strength.setPassword(password);
strength.setGuesses(guesses);
strength.setGuessesLog10(log10(guesses));
strength.setSequence(optimalMatchSequence);
return strength;
// Excerpt from a repeat matcher: records one repeat match and moves the scan position on.
// match, baseToken, i, matches and lastIndex are defined outside this view.

// Inclusive end index of the repeated run within the password.
int j = match.start(0) + match.group(0).length() - 1;
// The repeated unit is analysed on its own with a fresh Matching, so the guess count of
// the unit can be stored on the repeat match.
// NOTE(review): the Matching is built from an empty list. Presumably that argument is the
// caller-supplied word list, in which case those words are not considered when the base
// token is scored. Confirm this is intended.
// NOTE(review): every repeat found triggers another full omnimatch on the base token.
// Consider whether callers bound the password length before it reaches this code.
Strength baseAnalysis = Scoring.mostGuessableMatchSequence(baseToken, new Matching(new ArrayList<String>()).omnimatch(baseToken));
List<Match> baseMatches = baseAnalysis.getSequence();
double baseGuesses = baseAnalysis.getGuesses();
// The last argument is an integer division: run length divided by base token length.
// NOTE(review): assumes baseToken is never empty, otherwise this divides by zero. Verify
// against the code that derives baseToken.
matches.add(MatchFactory.createRepeatMatch(i, j, match.group(0), baseToken, baseGuesses, baseMatches, match.group(0).length() / baseToken.length()));
// Continue scanning just past the run that was recorded.
lastIndex = j + 1;
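/**
 * Rates {@code password} by mapping the zxcvbn score onto this application's
 * {@code Strength} levels. The application name is passed to zxcvbn as an extra
 * word to match against.
 *
 * @param password the candidate password; {@code null} or empty rates as very weak
 * @return the rating for zxcvbn scores 0 to 4; any other score rates as very weak
 */
public Strength getScore(final String password) {
    if(StringUtils.isEmpty(password)) {
        return Strength.veryweak;
    }
    // NOTE(review): getProperty may return null when the key is unset (confirm).
    // A null word is not passed on to zxcvbn; an empty list is used in its place.
    final String applicationName = PreferencesFactory.get().getProperty("application.name");
    final int score;
    if(applicationName == null) {
        score = zxcvbn.measure(password, Collections.<String>emptyList()).getScore();
    }
    else {
        score = zxcvbn.measure(password, Collections.singletonList(applicationName)).getScore();
    }
    switch(score) {
        case 0:
            return Strength.veryweak;
        case 1:
            return Strength.weak;
        case 2:
            return Strength.fair;
        case 3:
            return Strength.strong;
        case 4:
            return Strength.verystrong;
        default:
            // Fail closed: a score outside 0-4 used to fall through to the strongest
            // rating. An unexpected value must never make a password look strong.
            return Strength.veryweak;
    }
}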
/**
 * Checks that the guess estimate for a repeat match equals the guesses for the base
 * token multiplied by the repeat count.
 */
@Test
public void testRepeatGuesses() throws Exception {
    // Guesses for one occurrence of the repeated unit, taken from a full analysis of it.
    double guessesForBaseToken =
            Scoring.mostGuessableMatchSequence(baseToken, new Matching().omnimatch(baseToken)).getGuesses();
    double expected = guessesForBaseToken * repeatCount;
    String failureMessage = String.format("the repeat pattern '%s' has guesses of %s", token, expected);

    Match repeatMatch = new Match.Builder(Pattern.Repeat, 0, 0, token)
            .baseToken(baseToken)
            .baseGuesses(guessesForBaseToken)
            .repeatCount(repeatCount)
            .build();
    double actual = new RepeatGuess().exec(repeatMatch);

    // Exact comparison: a delta of 0.0 allows no rounding difference.
    assertEquals(failureMessage, expected, actual, 0.0);
}
/**
 * Scores {@code password} with zxcvbn and returns the integer configured for the
 * resulting score band.
 *
 * @param configuration source of the configured value for each band
 * @param password the candidate password
 * @return the configured value for the band the score falls in; any score other than
 *     1 to 4 yields the very-weak value
 * @throws NumberFormatException if the configured value cannot be parsed as an integer
 */
public static int judgePasswordStrengthUsingZxcvbnAlgorithm(
        final Configuration configuration,
        final String password
) {
    // NOTE(review): password goes to measure() unchecked. Whether null is tolerated
    // depends on the library; confirm callers never pass null.
    // NOTE(review): a new Zxcvbn is built on every call. If construction is costly in the
    // library version in use, a shared instance may be worth it; confirm thread-safety first.
    // zxcvbn returns a score of 0-4 (see: https://github.com/dropbox/zxcvbn)
    final int zxcvbnScore = new Zxcvbn().measure( password ).getScore();

    if ( zxcvbnScore == 4 ) {
        return Integer.parseInt( configuration.readAppProperty( AppProperty.PASSWORD_STRENGTH_THRESHOLD_VERY_STRONG ) );
    }
    if ( zxcvbnScore == 3 ) {
        return Integer.parseInt( configuration.readAppProperty( AppProperty.PASSWORD_STRENGTH_THRESHOLD_STRONG ) );
    }
    if ( zxcvbnScore == 2 ) {
        return Integer.parseInt( configuration.readAppProperty( AppProperty.PASSWORD_STRENGTH_THRESHOLD_GOOD ) );
    }
    if ( zxcvbnScore == 1 ) {
        return Integer.parseInt( configuration.readAppProperty( AppProperty.PASSWORD_STRENGTH_THRESHOLD_WEAK ) );
    }

    // Score 0 and anything unexpected land on the weakest band.
    return Integer.parseInt( configuration.readAppProperty( AppProperty.PASSWORD_STRENGTH_THRESHOLD_VERY_WEAK ) );
}
// Excerpt from a repeat matcher: records one repeat match and moves the scan position on.
// match, baseToken, i, matches and lastIndex are defined outside this view.

// Inclusive end index of the repeated run within the password.
int j = match.start(0) + match.group(0).length() - 1;
// The repeated unit is analysed on its own with a fresh Matching, so the guess count of
// the unit can be stored on the repeat match.
// NOTE(review): the Matching is built from an empty list. Presumably that argument is the
// caller-supplied word list, in which case those words are not considered when the base
// token is scored. Confirm this is intended.
// NOTE(review): every repeat found triggers another full omnimatch on the base token.
// Consider whether callers bound the password length before it reaches this code.
Strength baseAnalysis = Scoring.mostGuessableMatchSequence(baseToken, new Matching(new ArrayList<String>()).omnimatch(baseToken));
List<Match> baseMatches = baseAnalysis.getSequence();
double baseGuesses = baseAnalysis.getGuesses();
// The last argument is an integer division: run length divided by base token length.
// NOTE(review): assumes baseToken is never empty, otherwise this divides by zero. Verify
// against the code that derives baseToken.
matches.add(MatchFactory.createRepeatMatch(i, j, match.group(0), baseToken, baseGuesses, baseMatches, match.group(0).length() / baseToken.length()));
// Continue scanning just past the run that was recorded.
lastIndex = j + 1;
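/**
 * Estimates how guessable {@code password} is and returns the populated result.
 *
 * <p>Each non-null entry of {@code sanitizedInputs} is lower-cased and passed to
 * {@code createMatching}, so words supplied by the caller can be taken into account
 * when the password is matched.
 *
 * @param password the candidate password; must not be {@code null}
 * @param sanitizedInputs extra caller-supplied words; may be {@code null} or empty, and
 *     {@code null} entries are ignored
 * @return the {@link Strength} with guesses, calculation time, crack-time estimates,
 *     score and feedback set
 * @throws IllegalArgumentException if {@code password} is {@code null}
 */
public Strength measure(String password, List<String> sanitizedInputs) {
    if (password == null) {
        throw new IllegalArgumentException("Password is null.");
    }

    List<String> lowerSanitizedInputs;
    if (sanitizedInputs != null && !sanitizedInputs.isEmpty()) {
        lowerSanitizedInputs = new ArrayList<>(sanitizedInputs.size());
        for (String sanitizedInput : sanitizedInputs) {
            // The list itself is null-checked above, but a null entry used to fail here
            // with a NullPointerException. A null word carries no information, so it is
            // left out rather than aborting the whole strength check.
            if (sanitizedInput != null) {
                // NOTE(review): toLowerCase() follows the JVM default locale. Left as is
                // because it has to agree with however the matchers lower-case the
                // password, which is not visible here. Confirm before pinning a locale.
                lowerSanitizedInputs.add(sanitizedInput.toLowerCase());
            }
        }
    } else {
        lowerSanitizedInputs = Collections.emptyList();
    }

    // Only matching and scoring are timed; the estimates and feedback below are not.
    long start = time();
    Matching matching = createMatching(lowerSanitizedInputs);
    List<Match> matches = matching.omnimatch(password);
    Strength strength = Scoring.mostGuessableMatchSequence(password, matches);
    strength.setCalcTime(time() - start);

    // Crack times and the score are both derived from the guess count.
    AttackTimes attackTimes = TimeEstimates.estimateAttackTimes(strength.getGuesses());
    strength.setCrackTimeSeconds(attackTimes.getCrackTimeSeconds());
    strength.setCrackTimesDisplay(attackTimes.getCrackTimesDisplay());
    strength.setScore(attackTimes.getScore());
    strength.setFeedback(Feedback.getFeedback(strength.getScore(), strength.getSequence()));
    return strength;
}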
// Excerpt from the end of a scoring method: builds the Strength result that is returned.
// optimal, n and optimalMatchSequence are defined earlier in the method, outside this view.
Integer optimalL = optimalMatchSequence.size();
// An empty password counts as exactly one guess. Otherwise the guess count is looked up
// at position n - 1, under optimalL (the length of the chosen match sequence).
// NOTE(review): presumably n is the password length; confirm against the enclosing method.
double guesses = password.length() == 0 ? 1 : optimal.g.get(n - 1).get(optimalL);
Strength strength = new Strength();
// NOTE(review): the result object is handed the password itself. Presumably it keeps a
// reference, in which case a returned Strength should be treated as sensitive (not
// logged, serialized or cached). Confirm what Strength does with the value.
strength.setPassword(password);
strength.setGuesses(guesses);
strength.setGuessesLog10(log10(guesses));
strength.setSequence(optimalMatchSequence);
return strength;
/**
 * Checks that the Java implementation gives the same score as the script-side
 * {@code zxcvbn} function for the same password.
 */
@Test
public void testMeasure() throws Exception {
    // Expose the password to the script under the name "pwd".
    // NOTE(review): the password also appears in the failure message below. That is fine
    // for test fixtures; real credentials should never be fed through this test.
    engine.put("pwd", password);

    @SuppressWarnings("unchecked")
    Map<String, Object> jsResult = (Map<String, Object>) engine.eval("zxcvbn(pwd);");
    Object rawScore = jsResult.get("score");

    // Nashorn hands back an int, Rhino a double.
    int expectedScore = rawScore instanceof Double
            ? ((Double) rawScore).intValue()
            : (int) rawScore;

    int actualScore = zxcvbn.measure(password).getScore();
    Assert.assertEquals("Password score difference for " + password, expectedScore, actualScore);
}