Documentation

Scorer
in package

scorer - takes a list of potential matches, ranks and evaluates them, and figures out how many guesses it would take to crack the password

Tags
see

zxcvbn/src/scoring.coffee

Table of Contents

Constants

MIN_GUESSES_BEFORE_GROWING_SEQUENCE  = 10000
MIN_SUBMATCH_GUESSES_MULTI_CHAR  = 50
MIN_SUBMATCH_GUESSES_SINGLE_CHAR  = 10

Properties

$excludeAdditive  : mixed
$optimal  : mixed
$password  : mixed

Methods

getMostGuessableMatchSequence()  : array<string|int, mixed>
------------------------------------------------------------------------------ search --- most guessable match sequence ------------------------------------- ------------------------------------------------------------------------------
bruteforceUpdate()  : void
helper: evaluate bruteforce matches ending at k
factorial()  : int
unoptimized, called only on small n
makeBruteforceMatch()  : Bruteforce
helper: make bruteforce match objects spanning i to j, inclusive.
unwind()  : array<string|int, MatchInterface>
helper: step backwards through optimal.m starting at the end, constructing the final optimal match sequence.
update()  : void
helper: considers whether a length-l sequence ending at match m is better (fewer guesses) than previously encountered sequences, updating state if so.

Constants

MIN_GUESSES_BEFORE_GROWING_SEQUENCE

public mixed MIN_GUESSES_BEFORE_GROWING_SEQUENCE = 10000

MIN_SUBMATCH_GUESSES_MULTI_CHAR

public mixed MIN_SUBMATCH_GUESSES_MULTI_CHAR = 50

MIN_SUBMATCH_GUESSES_SINGLE_CHAR

public mixed MIN_SUBMATCH_GUESSES_SINGLE_CHAR = 10

Properties

$excludeAdditive

protected mixed $excludeAdditive

$optimal

protected mixed $optimal = []

$password

protected mixed $password

Methods

getMostGuessableMatchSequence()

------------------------------------------------------------------------------ search --- most guessable match sequence ------------------------------------- ------------------------------------------------------------------------------

public getMostGuessableMatchSequence(string $password, array<string|int, MatchInterface$matches[, bool $excludeAdditive = false ]) : array<string|int, mixed>

takes a sequence of overlapping matches, returns the non-overlapping sequence with minimum guesses. the following is a O(l_max * (n + m)) dynamic programming algorithm for a length-n password with m candidate matches. l_max is the maximum optimal sequence length spanning each prefix of the password. In practice it rarely exceeds 5 and the search terminates rapidly.

the optimal "minimum guesses" sequence is here defined to be the sequence that minimizes the following function:

g = l! * Product(m.guesses for m in sequence) + D^(l - 1)

where l is the length of the sequence.

the factorial term is the number of ways to order l patterns.

the D^(l-1) term is another length penalty, roughly capturing the idea that an attacker will try lower-length sequences first before trying length-l sequences.

for example, consider a sequence that is date-repeat-dictionary.

  • an attacker would need to try other date-repeat-dictionary combinations, hence the product term.
  • an attacker would need to try repeat-date-dictionary, dictionary-repeat-date, ..., hence the factorial term.
  • an attacker would also likely try length-1 (dictionary) and length-2 (dictionary-date) sequences before length-3. assuming at minimum D guesses per pattern type, D^(l-1) approximates Sum(D^i for i in [1..l-1]
Parameters
$password : string
$matches : array<string|int, MatchInterface>
$excludeAdditive : bool = false
Return values
array<string|int, mixed>

Returns an array with these keys: [password, guesses, guesses_log10, sequence]

bruteforceUpdate()

helper: evaluate bruteforce matches ending at k

protected bruteforceUpdate(int $end) : void
Parameters
$end : int

factorial()

unoptimized, called only on small n

protected factorial(int $n) : int
Parameters
$n : int
Return values
int

makeBruteforceMatch()

helper: make bruteforce match objects spanning i to j, inclusive.

protected makeBruteforceMatch(int $begin, int $end) : Bruteforce
Parameters
$begin : int
$end : int
Return values
Bruteforce

unwind()

helper: step backwards through optimal.m starting at the end, constructing the final optimal match sequence.

protected unwind(int $n) : array<string|int, MatchInterface>
Parameters
$n : int
Return values
array<string|int, MatchInterface>

update()

helper: considers whether a length-l sequence ending at match m is better (fewer guesses) than previously encountered sequences, updating state if so.

protected update(BaseMatch $match, int $length) : void
Parameters
$match : BaseMatch
$length : int 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results