From d7696832e183cc3e98d094b35ee4392d0c8d3df5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 16 Aug 2016 01:10:33 -0400 Subject: use zxcvbn-c for fairly good password entropy estimation This should be good enough to let the keysafe UI comment on how good a password the user chooses. --- Entropy.hs | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) (limited to 'Entropy.hs') diff --git a/Entropy.hs b/Entropy.hs index 7a62c68..7fb5b94 100644 --- a/Entropy.hs +++ b/Entropy.hs @@ -1,5 +1,3 @@ -{-# LANGUAGE FlexibleInstances #-} - {- Copyright 2016 Joey Hess - - Licensed under the GNU AGPL version 3 or higher. @@ -7,23 +5,20 @@ module Entropy where -import Data.List +import Types +import Types.Cost import qualified Data.ByteString.UTF8 as B - -class ToChars t where - toChars :: t -> [Char] - -instance ToChars String where - toChars = id - -instance ToChars B.ByteString where - toChars = B.toString - -shannonEntropy :: ToChars s => s -> Double -shannonEntropy = sum . map lg' . fq' . map (fromIntegral.length) . group . sort . toChars - where - lg' c = (c * ) . logBase 2 $ 1.0 / c - fq' c = let sc = sum c in map (/ sc) c - -totalEntropy :: ToChars s => s -> Double -totalEntropy s = shannonEntropy s * fromIntegral (length (toChars s)) +import Text.Password.Strength (estimate, UserDict) + +-- | Calculation of the entropy of a password. +-- Uses zxcvbn so takes word lists, and other entropy weakening problems +-- into account. +passwordEntropy :: Password -> UserDict -> Entropy UnknownPassword +passwordEntropy (Password p) userdict = Entropy $ floor $ + estimate (B.toString p) userdict + +-- | Naive calculation of the entropy of a name. +-- Assumes that the attacker is not targeting a particular list of names. +nameEntropy :: Name -> Entropy UnknownName +nameEntropy (Name n) = Entropy $ floor $ + estimate (B.toString n) [] -- cgit v1.2.3