UNPKG

zxcvbn/src/time_estimates.coffee

Version:

2.21 kBtext/coffeescriptView Raw

1time_estimates =
estimate_attack_times: (guesses) ->
  crack_times_seconds =
    online_throttling_100_per_hour: guesses / (100 / 3600)
    online_no_throttling_10_per_second: guesses / 1e2
    offline_slow_hashing_1e4_per_second: guesses / 1e4
    offline_fast_hashing_1e10_per_second: guesses / 1e10
8
  crack_times_display = {}
  for scenario, seconds of crack_times_seconds
    crack_times_display[scenario] = @display_time seconds
12
  crack_times_seconds: crack_times_seconds
  crack_times_display: crack_times_display
  score: @guesses_to_score guesses
16
17
guesses_to_score: (guesses) ->
  DELTA = 5
  if guesses < 1e3 + DELTA
    # risky password: "too guessable"
    0
  else if guesses < 1e6 + DELTA
    # modest protection from throttled online attacks: "very guessable"
    1
  else if guesses < 1e8 + DELTA
    # modest protection from unthrottled online attacks: "somewhat guessable"
    2
  else if guesses < 1e10 + DELTA
    # modest protection from offline attacks: "safely unguessable"
    # assuming a salted, slow hash function like bcrypt, scrypt, PBKDF2, argon, etc
    3
  else
    # strong protection from offline attacks under same scenario: "very unguessable"
    4
36
display_time: (seconds) ->
  minute = 60
  hour = minute * 60
  day = hour * 24
  month = day * 31
  year = month * 12
  century = year * 100
  [display_num, display_str] = if seconds < 1
    [null, 'less than a second']
  else if seconds < minute
    base = Math.round seconds
    [base, "#{base} second"]
  else if seconds < hour
    base = Math.round seconds / minute
    [base, "#{base} minute"]
  else if seconds < day
    base = Math.round seconds / hour
    [base, "#{base} hour"]
  else if seconds < month
    base = Math.round seconds / day
    [base, "#{base} day"]
  else if seconds < year
    base = Math.round seconds / month
    [base, "#{base} month"]
  else if seconds < century
    base = Math.round seconds / year
    [base, "#{base} year"]
  else
    [null, 'centuries']
  display_str += 's' if display_num? and display_num != 1
  display_str
68
69module.exports = time_estimates

1	`time_estimates =`
2	`estimate_attack_times: (guesses) ->`
3	`crack_times_seconds =`
4	`online_throttling_100_per_hour: guesses / (100 / 3600)`
5	`online_no_throttling_10_per_second: guesses / 1e2`
6	`offline_slow_hashing_1e4_per_second: guesses / 1e4`
7	`offline_fast_hashing_1e10_per_second: guesses / 1e10`
8
9	`crack_times_display = {}`
10	`for scenario, seconds of crack_times_seconds`
11	`crack_times_display[scenario] = @display_time seconds`
12
13	`crack_times_seconds: crack_times_seconds`
14	`crack_times_display: crack_times_display`
15	`score: @guesses_to_score guesses`
16
17
18	`guesses_to_score: (guesses) ->`
19	`DELTA = 5`
20	`if guesses < 1e3 + DELTA`
21	`# risky password: "too guessable"`
22	`0`
23	`else if guesses < 1e6 + DELTA`
24	`# modest protection from throttled online attacks: "very guessable"`
25	`1`
26	`else if guesses < 1e8 + DELTA`
27	`# modest protection from unthrottled online attacks: "somewhat guessable"`
28	`2`
29	`else if guesses < 1e10 + DELTA`
30	`# modest protection from offline attacks: "safely unguessable"`
31	`# assuming a salted, slow hash function like bcrypt, scrypt, PBKDF2, argon, etc`
32	`3`
33	`else`
34	`# strong protection from offline attacks under same scenario: "very unguessable"`
35	`4`
36
37	`display_time: (seconds) ->`
38	`minute = 60`
39	`hour = minute * 60`
40	`day = hour * 24`
41	`month = day * 31`
42	`year = month * 12`
43	`century = year * 100`
44	`[display_num, display_str] = if seconds < 1`
45	`[null, 'less than a second']`
46	`else if seconds < minute`
47	`base = Math.round seconds`
48	`[base, "#{base} second"]`
49	`else if seconds < hour`
50	`base = Math.round seconds / minute`
51	`[base, "#{base} minute"]`
52	`else if seconds < day`
53	`base = Math.round seconds / hour`
54	`[base, "#{base} hour"]`
55	`else if seconds < month`
56	`base = Math.round seconds / day`
57	`[base, "#{base} day"]`
58	`else if seconds < year`
59	`base = Math.round seconds / month`
60	`[base, "#{base} month"]`
61	`else if seconds < century`
62	`base = Math.round seconds / year`
63	`[base, "#{base} year"]`
64	`else`
65	`[null, 'centuries']`
66	`display_str += 's' if display_num? and display_num != 1`
67	`display_str`
68
69	`module.exports = time_estimates`