use zxcvbn-c for fairly good password entropy estimation

This should be good enough to let the keysafe UI comment on
how good a password the user chooses.

1 files changed, 16 insertions, 21 deletions

diff --git a/Entropy.hs b/Entropy.hs
index 7a62c68..7fb5b94 100644
--- a/Entropy.hs
+++ b/Entropy.hs
@@ -1,5 +1,3 @@
-{-# LANGUAGE FlexibleInstances #-}
-
 {- Copyright 2016 Joey Hess <id@joeyh.name>
  -
  - Licensed under the GNU AGPL version 3 or higher.
@@ -7,23 +5,20 @@
 
 module Entropy where
 
-import Data.List
+import Types
+import Types.Cost
 import qualified Data.ByteString.UTF8 as B
-
-class ToChars t where
-	toChars :: t -> [Char]
-
-instance ToChars String where
-	toChars = id
-
-instance ToChars B.ByteString where
-	toChars = B.toString
-
-shannonEntropy :: ToChars s => s -> Double
-shannonEntropy = sum . map lg' . fq' . map (fromIntegral.length) . group . sort . toChars
-  where
-	lg' c = (c * ) . logBase 2 $ 1.0 / c
-	fq' c = let sc = sum c in map (/ sc) c
-
-totalEntropy :: ToChars s => s -> Double
-totalEntropy s = shannonEntropy s * fromIntegral (length (toChars s))
+import Text.Password.Strength (estimate, UserDict)
+
+-- | Calculation of the entropy of a password.
+-- Uses zxcvbn so takes word lists, and other entropy weakening problems
+-- into account.
+passwordEntropy :: Password -> UserDict -> Entropy UnknownPassword
+passwordEntropy (Password p) userdict = Entropy $ floor $
+	estimate (B.toString p) userdict
+
+-- | Naive calculation of the entropy of a name.
+-- Assumes that the attacker is not targeting a particular list of names.
+nameEntropy :: Name -> Entropy UnknownName
+nameEntropy (Name n) = Entropy $ floor $
+	estimate (B.toString n) []