
port zxcvbnStrengthBar #1061

@tomholub


part of #1051

We use zxcvbn to figure out how many guesses one has to make in a brute-force attempt against a user-chosen pass phrase. This is a way to estimate the strength of a pass phrase.

zxcvbn only gives us a number. We have our own code that translates that into renderable wisdom.

From https://github.com/FlowCrypt/flowcrypt-mobile-core/blob/master/source/mobile-interface/endpoints.ts

  public zxcvbnStrengthBar = async (uncheckedReq: any) => {
    const r = ValidateInput.zxcvbnStrengthBar(uncheckedReq);
    if (r.purpose === 'passphrase') {
      if (typeof r.guesses === 'number') { // the host has a port of zxcvbn and already knows amount of guesses per password
        return fmtRes(PgpPwd.estimateStrength(r.guesses));
      } else if (typeof r.value === 'string') { // host does not have zxcvbn, let's use zxcvbn-js to estimate guesses
        type FakeWindow = { zxcvbn: (password: string, weakWords: string[]) => { guesses: number } };
        if (typeof (window as unknown as FakeWindow).zxcvbn !== 'function') {
          throw new Error("window.zxcvbn missing in js");
        }
        const guesses = (window as unknown as FakeWindow).zxcvbn(r.value, PgpPwd.weakWords()).guesses;
        return fmtRes(PgpPwd.estimateStrength(guesses));
      } else {
        throw new Error('Unexpected format: guesses is not a number, value is not a string');
      }
    } else {
      throw new Error(`Unknown purpose: ${r.purpose}`);
    }
  };

which uses this implementation we need to port: https://github.com/FlowCrypt/flowcrypt-mobile-core/blob/f80d5491451b61dcf8e539932b693fb28e84217f/source/core/pgp-password.ts#L21

Test

ava.default('zxcvbnStrengthBar', async t => {
  const { data, json } = await request('zxcvbnStrengthBar', { guesses: 88946283684265, purpose: 'passphrase' }, []);
  expectNoData(data);
  expect(json).to.deep.equal({
    word: {
      match: 'week',
      word: 'poor',
      bar: 30,
      color: 'darkred',
      pass: false
    },
    seconds: 1111829,
    time: '2 weeks',
  });
  t.pass();
});
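A sketch of the guesses-to-rating translation that the test above exercises, added here as an example; it is not FlowCrypt's code and not part of the original issue. Only the `week` row and the expected output for 88946283684265 guesses come from this page; the guess rate is inferred from that test vector, and the other rows, the unit table and the input check are assumptions.

```typescript
type StrengthWord = { match: string; word: string; bar: number; color: string; pass: boolean };

// Assumption: attacker guess rate, inferred from the page's test vector
// (88946283684265 guesses -> 1111829 seconds is about 8e7 guesses per second).
const GUESSES_PER_SECOND = 80000000;

// The first row whose `match` substring occurs in the readable time wins.
const CRACK_TIME_WORDS: StrengthWord[] = [
  { match: 'year', word: 'good', bar: 60, color: 'orange', pass: true },           // hypothetical row
  { match: 'month', word: 'reasonable', bar: 40, color: 'darkorange', pass: true }, // hypothetical row
  { match: 'week', word: 'poor', bar: 30, color: 'darkred', pass: false },          // from the page's test
  { match: '', word: 'weak', bar: 10, color: 'red', pass: false },                  // hypothetical catch-all
];

// Assumption: largest unit that fits, rounded to the nearest whole number.
const UNITS: [string, number][] = [
  ['year', 365 * 86400], ['month', 30 * 86400], ['week', 7 * 86400],
  ['day', 86400], ['hour', 3600], ['minute', 60], ['second', 1],
];

function readableCrackTime(seconds: number): string {
  for (const [name, size] of UNITS) {
    if (seconds >= size) {
      const n = Math.round(seconds / size);
      return `${n} ${name}${n === 1 ? '' : 's'}`;
    }
  }
  return 'less than a second';
}

function estimateStrength(guesses: number) {
  // typeof NaN and typeof Infinity are both 'number', so a typeof check alone
  // lets them through; reject them before they turn into a misleading rating.
  if (typeof guesses !== 'number' || !isFinite(guesses) || guesses < 0) {
    throw new Error('guesses must be a finite, non-negative number');
  }
  const secondsExact = guesses / GUESSES_PER_SECOND;
  const time = readableCrackTime(secondsExact);
  for (const word of CRACK_TIME_WORDS) {
    if (time.indexOf(word.match) !== -1) { // '' matches any string, so the last row always hits
      return { word, seconds: Math.round(secondsExact), time };
    }
  }
  throw new Error('unreachable: catch-all row missing');
}
```

A native port can be checked against the same vector: 88946283684265 guesses must produce `seconds: 1111829`, `time: '2 weeks'` and a failing `poor` rating.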
