bbusschots / hsxkpasswd

A Perl module and terminal command for generating secure memorable passwords inspired by the fabulous XKCD web comic and Steve Gibson's Password Hay Stacks. This is the library that powers www.xkpasswd.net
http://www.bartb.ie/xkpasswd
BSD 2-Clause "Simplified" License

Blind Entropy calculation #3

Closed hortocam closed 10 years ago

hortocam commented 10 years ago

Not entirely my area, but this seems a bit off based on the walkthrough you posted in the documentation.

# calculate the blind permutations - (based purely on length and alphabet)
my $alphabet_count = 12; # all passwords have at least one case of letters
if($self->{_CONFIG}->{case_transform} =~ m/^(ALTERNATE)|(CAPITALISE)|(INVERT)|(RANDOM)$/sx){
    $alphabet_count += 12; # these configs guarantee a mix of cases
}

Shouldn't $alphabet_count = 26 for one case and 52 for mixed case?

I've fixed it locally but will probably fiddle with a few more things before submitting another pull request. Let me know your thoughts.

Using the same example script from before, I get a seen entropy of 44 and I think that should be higher so I am trying to work them out using your guide and verify the code is doing the same.

bbusschots commented 10 years ago

You're absolutely right - it should indeed be 26 and then += 26 for the mixed-case passwords.

I have no idea where 12 came from - the mind boggles!

Given that you found the bug, I'd prefer for you to get the credit by submitting a pull request, but I'm also happy to fix it on my end if you'd prefer. If you're still double-checking the entropy code it probably makes sense to submit the pull request when you're done - you may find another gremlin or two lurking in there.
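An added example, not part of the thread or the module's own code, showing how the per-case letter count discussed above feeds a blind entropy figure, using the 12 from the quoted snippet and the 26 agreed as correct. The `has_digits` and `symbol_count` keys, the digit pool of 10, and the sample configuration and length are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration; not code from the module. Everything except the
# case_transform names and the 12/26 letter counts is an assumption.
my %CASE_MIXERS = map { $_ => 1 } qw(ALTERNATE CAPITALISE INVERT RANDOM);

# Size of the alphabet a blind brute-force attacker has to cover.
sub alphabet_count {
    my ($config, $letters_per_case) = @_;
    my $count = $letters_per_case;    # at least one case of letters
    # these transforms guarantee a mix of cases, so count both cases
    $count += $letters_per_case
        if $CASE_MIXERS{ $config->{case_transform} // 'NONE' };
    $count += 10 if $config->{has_digits};     # assumption: digits 0-9
    $count += $config->{symbol_count} // 0;    # assumption: caller supplies
    return $count;
}

# Blind entropy in bits: log2(alphabet ** length) = length * log2(alphabet)
sub blind_entropy_bits {
    my ($alphabet, $length) = @_;
    return $length * log($alphabet) / log(2);
}

# Constructed sample configuration and password length.
my %config = (case_transform => 'ALTERNATE', has_digits => 1, symbol_count => 0);
my $length = 24;

for my $case (['buggy (12)', 12], ['fixed (26)', 26]) {
    my ($label, $letters) = @{$case};
    my $alphabet = alphabet_count(\%config, $letters);
    printf "%-11s alphabet=%2d  blind entropy=%.1f bits\n",
        $label, $alphabet, blind_entropy_bits($alphabet, $length);
}
```

With 12 letters per case the alphabet is smaller than the real one, so the reported blind entropy understates the password's strength for every length.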

bbusschots commented 10 years ago

I've fixed the typo myself and committed the code.

hortocam commented 10 years ago

Thanks, I will grab an update. I got distracted by another project.


On Nov 2, 2014, at 10:59 AM, Bart Busscots <notifications@github.com> wrote:

> I've fixed the typo myself and committed the code.
