From 20f459ce8f78ddcbca23fcd8d220b5cc2ec24006 Mon Sep 17 00:00:00 2001 From: Ian Coleman Date: Sat, 17 Jun 2017 09:34:50 +1000 Subject: [PATCH] Change entropy Strength to Time To Crack See issue 78 --- src/index.html | 4 ++-- src/js/index.js | 38 ++++++++------------------------------ tests.js | 44 ++++++++++++++++++++++---------------------- 3 files changed, 32 insertions(+), 54 deletions(-) diff --git a/src/index.html b/src/index.html index bc8ffba..5edd68e 100644 --- a/src/index.html +++ b/src/index.html @@ -165,8 +165,8 @@
- -
+ +
diff --git a/src/js/index.js b/src/js/index.js index 3b86e42..2bb766d 100644 --- a/src/js/index.js +++ b/src/js/index.js @@ -30,7 +30,7 @@ DOM.entropy = $(".entropy"); DOM.entropyFiltered = DOM.entropyContainer.find(".filtered"); DOM.entropyType = DOM.entropyContainer.find(".type"); - DOM.entropyStrength = DOM.entropyContainer.find(".strength"); + DOM.entropyCrackTime = DOM.entropyContainer.find(".crack-time"); DOM.entropyEventCount = DOM.entropyContainer.find(".event-count"); DOM.entropyBits = DOM.entropyContainer.find(".bits"); DOM.entropyBitsPerEvent = DOM.entropyContainer.find(".bits-per-event"); @@ -915,7 +915,7 @@ } function clearEntropyFeedback() { - DOM.entropyStrength.text("..."); + DOM.entropyCrackTime.text("..."); DOM.entropyType.text(""); DOM.entropyWordCount.text("0"); DOM.entropyEventCount.text("0"); 
@@ -927,37 +927,15 @@ function showEntropyFeedback(entropy) { var numberOfBits = entropy.binaryStr.length; - var strength = "extremely weak"; - if (numberOfBits >= 64) { - strength = "very weak"; - } - if (numberOfBits >= 96) { - strength = "weak"; - } - if (numberOfBits >= 128) { - strength = "strong"; - } - if (numberOfBits >= 160) { - strength = "very strong"; - } - if (numberOfBits >= 192) { - strength = "extremely strong"; - } - // If time to crack is less than one day, and password is considered - // strong or better based on the number of bits, rename strength to - // 'easily cracked'. + var timeToCrack = "unknown"; try { var z = zxcvbn(entropy.base.parts.join("")); - var timeToCrack = z.crack_times_seconds.offline_fast_hashing_1e10_per_second; - if (timeToCrack < 86400 && entropy.binaryStr.length >= 128) { - strength = "easily cracked"; - if (z.feedback.warning != "") { - strength = strength + " - " + z.feedback.warning; - }; - } + timeToCrack = z.crack_times_display.offline_fast_hashing_1e10_per_second; + if (z.feedback.warning != "") { + timeToCrack = timeToCrack + " - " + z.feedback.warning; + }; } catch (e) { - strength = "unknown"; console.log("Error detecting entropy strength with zxcvbn:"); console.log(e); } @@ -966,7 +944,7 @@ var bitsPerEvent = entropy.bitsPerEvent.toFixed(2); DOM.entropyFiltered.html(entropy.cleanHtml); DOM.entropyType.text(entropyTypeStr); - DOM.entropyStrength.text(strength); + DOM.entropyCrackTime.text(timeToCrack); DOM.entropyEventCount.text(entropy.base.ints.length); DOM.entropyBits.text(numberOfBits); DOM.entropyWordCount.text(wordCount); diff --git a/tests.js b/tests.js index f346729..c2f2cb5 100644 --- a/tests.js +++ b/tests.js @@ -2824,7 +2824,7 @@ page.open(url, function(status) { events: 1, bits: 4, words: 0, - strength: "extremely weak", + strength: "less than a second", }, { entropy: "AAAAAAAA", 
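Review bot: With the bit-count thresholds removed, `timeToCrack` in showEntropyFeedback is the only strength signal, and it comes solely from zxcvbn's `crack_times_display.offline_fast_hashing_1e10_per_second`, a pattern-based estimate for the typed text at a fixed 1e10 guesses per second. That display value tops out at "centuries", so input the removed code labelled weak for having fewer than 128 bits can presumably show the same text as 256-bit input whenever zxcvbn finds no pattern in it. I would keep a bit-length caveat next to the estimate, e.g. `if (numberOfBits < 128) { timeToCrack += " - fewer than 128 bits of entropy"; }` after the try/catch, and add a comment above the zxcvbn call such as `// zxcvbn estimate for the raw entropy text at 1e10 guesses/s; not a measure of bit strength`. The `if (z.feedback.warning != "")` block also carries over a loose comparison and a stray `;` after its closing brace; `!==` and dropping the semicolon would tidy it. The function body continues past this hunk.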
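Review bot: The expectation key is still `strength` in these fixtures although the value is now the crack-time display text, so the name no longer matches what is asserted; renaming it to `crackTime`, together with the place the harness reads it (outside this hunk), would keep the tests readable. The same applies to the other tests.js hunks in this patch. The expected strings such as `"2 minutes"`, `"2 days"` and `"3 years"` are zxcvbn's own wording and estimates, so a comment like `// expected text comes from the bundled zxcvbn; re-check after upgrading it` above the fixture list would explain future failures.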
@@ -2833,7 +2833,7 @@ page.open(url, function(status) {
 events: 8,
 bits: 32,
 words: 3,
- strength: "extremely weak",
+ strength: "less than a second - Repeats like \"aaa\" are easy to guess",
 },
 {
 entropy: "AAAAAAAA B",
@@ -2842,7 +2842,7 @@ page.open(url, function(status) {
 events: 9,
 bits: 36,
 words: 3,
- strength: "extremely weak",
+ strength: "less than a second - Repeats like \"aaa\" are easy to guess",
 },
 {
 entropy: "AAAAAAAA BBBBBBBB",
@@ -2851,7 +2851,7 @@ page.open(url, function(status) {
 events: 16,
 bits: 64,
 words: 6,
- strength: "very weak",
+ strength: "less than a second - Repeats like \"aaa\" are easy to guess",
 },
 {
 entropy: "AAAAAAAA BBBBBBBB CCCCCCCC",
@@ -2860,7 +2860,7 @@ page.open(url, function(status) {
 events: 24,
 bits: 96,
 words: 9,
- strength: "weak",
+ strength: "less than a second",
 },
 {
 entropy: "AAAAAAAA BBBBBBBB CCCCCCCC DDDDDDDD",
@@ -2869,7 +2869,7 @@ page.open(url, function(status) {
 events: 32,
 bits: 128,
 words: 12,
- strength: "easily cracked",
+ strength: "2 minutes",
 },
 {
 entropy: "AAAAAAAA BBBBBBBB CCCCCCCC DDDDDDDA",
@@ -2878,7 +2878,7 @@ page.open(url, function(status) {
 events: 32,
 bits: 128,
 words: 12,
- strength: "strong",
+ strength: "2 days",
 },
 {
 entropy: "AAAAAAAA BBBBBBBB CCCCCCCC DDDDDDDA EEEEEEEE",
@@ -2887,7 +2887,7 @@ page.open(url, function(status) {
 events: 40,
 bits: 160,
 words: 15,
- strength: "very strong",
+ strength: "3 years",
 },
 {
 entropy: "AAAAAAAA BBBBBBBB CCCCCCCC DDDDDDDA EEEEEEEE FFFFFFFF",
@@ -2896,7 +2896,7 @@ page.open(url, function(status) {
 events: 48,
 bits: 192,
 words: 18,
- strength: "extremely strong",
+ strength: "centuries",
 },
 {
 entropy: "7d",
@@ -2904,7 +2904,7 @@ page.open(url, function(status) {
 events: 1,
 bits: 5,
 words: 0,
- strength: "extremely weak",
+ strength: "less than a second",
 },
 {
 entropy: "ac2c3c4c5c6c7c8c9ctcjcqckcad2d3d4d5d6d7d8d9dtdjdqdkdah2h3h4h5h6h7h8h9hthjhqhkhas2s3s4s5s6s7s8s9stsjsqsks",
@@ -2912,7 +2912,7 @@ page.open(url, function(status) {
 events: 52,
 bits: 225,
 words: 21,
- strength: "extremely strong",
+ strength: "centuries",
 },
 {
 entropy: "ac2c3c4c5c6c7c8c9ctcjcqckcad2d3d4d5d6d7d8d9dtdjdqdkdah2h3h4h5h6h7h8h9hthjhqhkhas2s3s4s5s6s7s8s9stsjsqsks3d",
@@ -2920,7 +2920,7 @@ page.open(url, function(status) {
 events: 53,
 bits: 254,
 words: 21,
- strength: "extremely strong",
+ strength: "centuries",
 },
 {
 entropy: "ac2c3c4c5c6c7c8c9ctcjcqckcad2d3d4d5d6d7d8d9dtdjdqdkdah2h3h4h5h6h7h8h9hthjhqhkhas2s3s4s5s6s7s8s9stsjsqs3d4d",
@@ -2928,7 +2928,7 @@ page.open(url, function(status) {
 events: 53,
 bits: 254,
 words: 21,
- strength: "extremely strong",
+ strength: "centuries",
 },
 {
 entropy: "ac2c3c4c5c6c7c8c9ctcjcqckcad2d3d4d5d6d7d8d9dtdjdqdkdah2h3h4h5h6h7h8h9hthjhqhkhas2s3s4s5s6s7s8s9stsjsqs3d4d5d6d",
@@ -2936,7 +2936,7 @@ page.open(url, function(status) {
 events: 53,
 bits: 264,
 words: 24,
- strength: "extremely strong",
+ strength: "centuries",
 },
 // Next test was throwing uncaught error in zxcvbn
 // Also tests 451 bits, ie Math.log2(52!)*2 = 225.58 * 2
@@ -2946,7 +2946,7 @@ page.open(url, function(status) {
 events: 104,
 bits: 499,
 words: 45,
- strength: "extremely strong",
+ strength: "centuries",
 },
 // Case insensitivity to duplicate cards
 {
@@ -2955,7 +2955,7 @@ page.open(url, function(status) {
 events: 2,
 bits: 9,
 words: 0,
- strength: "extremely weak",
+ strength: "less than a second",
 },
 {
 entropy: "ASas",
@@ -2963,7 +2963,7 @@ page.open(url, function(status) {
 events: 2,
 bits: 9,
 words: 0,
- strength: "extremely weak",
+ strength: "less than a second",
 },
 // Missing cards are detected
 {
@@ -2972,7 +2972,7 @@ page.open(url, function(status) {
 events: 51,
 bits: 221,
 words: 18,
- strength: "extremely strong",
+ strength: "centuries",
 },
 {
 entropy: "ac2c3c4c5c6c7c8c tcjcqckcad2d3d4d 6d7d8d9dtdjdqdkdah2h3h4h5h6h7h8h9hthjhqhkhas2s3s4s5s6s7s8s9stsjsqsks",
@@ -2980,7 +2980,7 @@ page.open(url, function(status) {
 events: 50,
 bits: 216,
 words: 18,
- strength: "extremely strong",
+ strength: "centuries",
 },
 {
 entropy: "ac2c3c4c5c6c7c8c tcjcqckcad2d3d4d 6d7d8d9dtdjd kdah2h3h 5h6h7h8h9hthjhqhkhas2s3s4s5s6s7s8s9stsjsqsks",
@@ -2988,7 +2988,7 @@ page.open(url, function(status) {
 events: 48,
 bits: 208,
 words: 18,
- strength: "extremely strong",
+ strength: "centuries",
 },
 // More than six missing cards does not show message
 {
@@ -2997,7 +2997,7 @@ page.open(url, function(status) {
 events: 45,
 bits: 195,
 words: 18,
- strength: "extremely strong",
+ strength: "centuries",
 },
 // Multiple decks of cards increases bits per event
 {
@@ -3041,7 +3041,7 @@ page.open(url, function(status) {
 events: 33,
 bits: 184,
 bitsPerEvent: 5.59,
- strength: 'easily cracked - Repeats like "abcabcabc" are only slightly harder to guess than "abc"',
+ strength: 'less than a second - Repeats like "abcabcabc" are only slightly harder to guess than "abc"',
 },
 ];
 // use entropy
-- 
2.41.0