Ubuntu Manpage: Data::Password::zxcvbn::TimeEstimate - functions to estimate cracking times

Provided by: libdata-password-zxcvbn-perl_1.1.2-1_all

NAME

       Data::Password::zxcvbn::TimeEstimate - functions to estimate cracking times

VERSION

       version 1.1.2

SYNOPSIS

         use Data::Password::zxcvbn::TimeEstimate qw(estimate_attack_times);
         my $estimates = estimate_attack_times($number_of_guesses);

DESCRIPTION

       This module provides functions for back-of-the-envelope crack time estimations, in seconds, based on a
       few scenarios.

FUNCTIONS

   "estimate_attack_times"
         my $estimates = estimate_attack_times($number_of_guesses);

       Returns a hashref with two keys:

       •   "crack_times_seconds"

           hashref of back-of-the-envelope crack time estimations, in seconds, based on a few scenarios:

           •   "online_throttling_100_per_hour"

               online attack on a service that rate-limits authentication attempts

           •   "online_no_throttling_10_per_second"

               online  attack  on  a  service that doesn't rate-limit, or where an attacker has outsmarted rate-
               limiting.

           •   "offline_slow_hashing_1e4_per_second"

               offline attack. assumes multiple attackers, proper user-unique salting, and a slow hash  function
               with moderate work factor, such as bcrypt, scrypt, PBKDF2.

           •   "offline_fast_hashing_1e10_per_second"

               offline  attack  with  user-unique salting but a fast hash function like SHA-1, SHA-256 or MD5. A
               wide range of reasonable numbers anywhere from one billion - one  trillion  guesses  per  second,
               depending on number of cores and machines; ball-parking at 10B/sec.

       •   "crack_times_display"

           same  keys as "crack_times_seconds", but more useful for display: the values are arrayrefs "["english
           string",$value]" that can be passed to  I18N  libraries  like  "Locale::Maketext"  to  get  localised
           versions with proper plurals

   "guesses_to_score"
        my $score = guesses_to_score($number_of_guesses);

       Returns an integer from 0-4 (useful for implementing a strength bar):

       •   0

           too guessable: risky password. ("guesses < 10e3")

       •   1

           very guessable: protection from throttled online attacks. ("guesses < 10e6")

       •   2

           somewhat guessable: protection from un-throttled online attacks. ("guesses < 10e8")

       •   3

           safely un-guessable: moderate protection from offline slow-hash scenario. ("guesses < 10e10")

       •   4

           very un-guessable: strong protection from offline slow-hash scenario. ("guesses >= 10e10")

   "display_time"
         my ($string,@values) = @{ display_time($time) };
         print My::Localise->get_handle->maketext($string,@values);

       Given a $time in seconds, returns an arrayref suitable for "Locale::Maketext", like:

        [ 'quant,_1,day', 23 ]

AUTHOR

       Gianni Ceccarelli <gianni.ceccarelli@broadbean.com>

COPYRIGHT AND LICENSE

       This software is copyright (c) 2022 by BroadBean UK, a CareerBuilder Company.

       This  is  free  software;  you  can  redistribute  it and/or modify it under the same terms as the Perl 5
       programming language system itself.

perl v5.36.0                                       2023-04-04             Data::Password:...n::TimeEstimate(3pm)