diff options
author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-09 21:45:45 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-09 21:45:45 +0300 |
commit | 662026507752095417c4d122615a1aab8f52f68d (patch) | |
tree | 3e22c1b7b27d32fe72d0cd12600ab5937c36306e /api/src/util/utility | |
parent | bug fix (diff) | |
download | server-662026507752095417c4d122615a1aab8f52f68d.tar.xz |
add an elegant entropy check
Diffstat (limited to '')
-rw-r--r-- | api/src/util/utility/passwordStrength.ts | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index 047df008..81ac2559 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -13,6 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored * - min <n> numbers * - min <n> symbols * - min <n> uppercase chars + * - shannon entropy divided by password entropy * * Returns: 0 > pw > 1 */ @@ -22,28 +23,38 @@ export function checkPassword(password: string): number { // checks for total password len if (password.length >= minLength - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of Numbers if (password.count(reNUMBER) >= minNumbers - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of Uppercase Letters if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of symbols if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) { - strength += 0.25; + strength += 0.05; } // checks if password only consists of numbers or only consists of chars if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) { strength = 0; } - + + var entropyMap; + for (let i = 0; i < password.length; i++) { + if (entropyMap[password[i]]) entropyMap[password[i]]++; + else entropyMap[password[i]] = 1; + } + + let entropies = Array(entropyMap); + + entropies.map(x => (x / entropyMap.length)); + strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length); return strength; } |