diff options
| author | tony <tsyrogit@users.noreply.github.com> | 2015-01-03 00:25:52 +0000 |
|---|---|---|
| committer | tony <tsyrogit@users.noreply.github.com> | 2015-01-03 00:25:52 +0000 |
| commit | 671df3f6d2a931a277e0ef2943c387cfa8ec2f36 (patch) | |
| tree | 88e329cc836f0791f8e0651c4ae66b404c3fca1c | |
| parent | 3c8e7757564520397e068e044285797661e4be49 (diff) | |
| download | zxcvbn-c-671df3f6d2a931a277e0ef2943c387cfa8ec2f36.tar.gz | |
Fix missing lines of readme0.20150103
| -rw-r--r-- | README.md | 59 |
1 files changed, 46 insertions, 13 deletions
@@ -1,31 +1,64 @@ -This is a C implementation of the zxcvbn password strength estimation. +# zxcvbn-c +This is a C/C++ implementation of the zxcvbn password strength estimation. +The code is intended to be included as part of the source of a C/C++ program. Like the original this code is for character sets which use single byte characters primarily in the code range 0x20 to 0x7E. -The original coffee-script version is available at +The original coffee script version is available at https://github.com/lowe/zxcvbn -An article on the reasons for this code is at +An article on the reasons for zxcvbn is at https://tech.dropox.com/2012/04/zxcvbn-realistic-password-strength-estimation +##Building + +The makefile will build several test programs to test the code. It shows the steps needed to use the code in C and C++ programs, using the dictionary data read from file or included within the program executable. +The makefile has only been tried on Linux using GCC version 4.8.4, but should be faily portable to other systems. + +When dictionary data is included in your program's executable, the files `zxcvbn.c` , `zxcvbn.h` , `dict-src.h` are used in your program. + +When dictionary data is read from file, the files `zxcvbn.c` , `zxcvbn.h` , `dict-crc.h` and `zxcvbn.dict` are used in your program, compiled with `#define USE_DICT_FILE`. The CRC of the dictionary data file is written to `dict-crc.h` so your executable can detect corruption of the data. + +Rename `zxcvbn.c` to `zxcvbn.cpp` (or whatever your compiler uses) to compile as C++. + +The `dict*.h` and `zxcvbn.dict` files are generated by the dictgen program compiled from dict-generate.cpp (see makefile for details). + +##Using + +Initially call `ZxcvbnInit()` with the pathname of the `zxcvbn.dict` file. This can be omitted when dictionary data is included in the executable. + +Call `ZxcvbnMatch()` with the password and optional user dictionary to get the entropy estimation and optional information on the password parts (which will need freeing with `ZxcvbnFreeInfo()` after use). Do this for each password to be tested, or as each character of it is entered into your program. The optional user dictionary can change between each call. + +Finally call `ZxcvbnUninit()` to free the dictionary data from read from file. This can be omitted when dictionary data is included in the executable. + +Review the test program in `test.c` for an example. + -###Dictionary sources +## Differences from the original version. + +The entropy calculated will sometimes differ from the original because of + +* A later version of the 10k password dictionary is used, so some words have different entropy. +* The UK keyboard layout is also included, so there are additional spacial sequences, e.g. **;'#** is a spacial sequence. +* Additional date formats are included e.g. two digit years can be used for dates. +* Characters with ASCII code < 0x20 or > 0x7E add 100 to the cardinality of the password character set. +* Dijktra's path searching algorithm is used to combine parts of the entered password. This can result in the found components of the password being combined differently than the original coffee script. E.g. the password **bcderty** +is combined by the original coffee script as **b** (4.7 bits) + **cderty** (14.9 bits) to give total entropy of 19.6 bits. This implementation combines it as **bcde** (6.7 bits) + **rty** (9.8 bits) to give 16.5 bits. + + +##References + +The original coffee-script version is available at + https://github.com/lowe/zxcvbn 10000 Most popular Passwords is from https://xato.net/passwords/more-top-worst-passwords by Mark Burnett (this is a later version than the one used by the original coffee script version). -The list of names and their populatity is from the US year 2000 census data, as used in the original coffee script version. +The list of names and their popularity is from the US year 2000 census data, as used in the original coffee script version. 40k words are from movies and TV shows, obtained from -http://en.wiktionary.org/wiki/Wiktionary:Frequency_lists - +http://en.wiktionary.org/wiki/Wiktionary:Frequency_lists as in the original coffee script version. Dictionary trie encoding (used for by the word lookup code) based on idea from the Caroline Word Graph from http://www.pathcom.com/~vadco/cwg.html -### Differences from the original version. - -The entropy calculated will sometimes differ from the original because of - -* A later version of the password dictionary is used -*
\ No newline at end of file |