Data::Password::zxcvbn::TimeEstimate(3)   User Contributed Perl Documentation   Data::Password::zxcvbn::TimeEstimate(3)

Data::Password::zxcvbn::TimeEstimate - functions to estimate cracking
times

version 1.1.2

    use Data::Password::zxcvbn::TimeEstimate qw(estimate_attack_times);
    my $estimates = estimate_attack_times($number_of_guesses);

This module provides functions for back-of-the-envelope crack time
estimations, in seconds, based on a few scenarios.

"estimate_attack_times"
    my $estimates = estimate_attack_times($number_of_guesses);

Returns a hashref with two keys:

• "crack_times_seconds"

  hashref of back-of-the-envelope crack time estimations, in seconds,
  based on a few scenarios:

  • "online_throttling_100_per_hour"

    online attack on a service that rate-limits authentication
    attempts

  • "online_no_throttling_10_per_second"

    online attack on a service that doesn't rate-limit, or where an
    attacker has outsmarted rate-limiting.

  • "offline_slow_hashing_1e4_per_second"

    offline attack. assumes multiple attackers, proper user-unique
    salting, and a slow hash function with moderate work factor,
    such as bcrypt, scrypt, PBKDF2.

  • "offline_fast_hashing_1e10_per_second"

    offline attack with user-unique salting but a fast hash
    function like SHA-1, SHA-256 or MD5. A wide range of reasonable
    numbers anywhere from one billion - one trillion guesses per
    second, depending on number of cores and machines; ball-parking
    at 10B/sec.

• "crack_times_display"

  same keys as "crack_times_seconds", but more useful for display:
  the values are arrayrefs "["english string",$value]" that can be
  passed to I18N libraries like "Locale::Maketext" to get localised
  versions with proper plurals

"guesses_to_score"
    my $score = guesses_to_score($number_of_guesses);

Returns an integer from 0-4 (useful for implementing a strength bar):

• 0

  too guessable: risky password. ("guesses < 10e3")

• 1

  very guessable: protection from throttled online attacks. ("guesses
  < 10e6")

• 2

  somewhat guessable: protection from un-throttled online attacks.
  ("guesses < 10e8")

• 3

  safely un-guessable: moderate protection from offline slow-hash
  scenario. ("guesses < 10e10")

• 4

  very un-guessable: strong protection from offline slow-hash
  scenario. ("guesses >= 10e10")

"display_time"
    my ($string,@values) = @{ display_time($time) };
    print My::Localise->get_handle->maketext($string,@values);

Given a $time in seconds, returns an arrayref suitable for
"Locale::Maketext", like:

    [ 'quant,_1,day', 23 ]
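
The following is an added example, not code from the module or its author: it gates a password on the crack time for the one scenario that matches how credentials are stored, and prints the 0-4 score next to it for comparison. The helper name check_guesses, the choice of scenario, the one-year minimum and the sample guess counts are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Data::Password::zxcvbn::TimeEstimate qw(estimate_attack_times);

# Assumption: credentials are stored with a slow, salted hash, so the
# threat that matters is a leaked database attacked offline.
my $SCENARIO    = 'offline_slow_hashing_1e4_per_second';
my $MIN_SECONDS = 365 * 24 * 60 * 60;    # hypothetical policy: one year

# Hypothetical helper: evaluate one guess count against the policy.
sub check_guesses {
    my ($guesses) = @_;
    my $estimates = estimate_attack_times($guesses);
    my $seconds   = $estimates->{crack_times_seconds}{$SCENARIO};
    my $display   = $estimates->{crack_times_display}{$SCENARIO};
    return {
        guesses => $guesses,
        # called by full name so the example does not depend on the
        # module's export list
        score   => Data::Password::zxcvbn::TimeEstimate::guesses_to_score($guesses),
        seconds => $seconds,
        display => $display,    # arrayref: maketext pattern, then values
        ok      => ( $seconds >= $MIN_SECONDS ? 1 : 0 ),
    };
}

# Constructed guess counts, standing in for a password estimator's output.
for my $guesses ( 5e2, 2e7, 4e9, 2e10, 8e11, 3e14 ) {
    my $r = check_guesses($guesses);
    printf "guesses=%-8.0e score=%d seconds=%-12.4g display=[%s] %s\n",
        $r->{guesses}, $r->{score}, $r->{seconds},
        join( ', ', @{ $r->{display} } ),
        $r->{ok} ? 'accept' : 'reject';
}
```

Printing the score beside the scenario time shows whether a given strength-bar value actually satisfies the chosen minimum under this storage model; the display arrayref is printed raw rather than passed through a localisation handle.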

Gianni Ceccarelli <gianni.ceccarelli@broadbean.com>

This software is copyright (c) 2022 by BroadBean UK, a CareerBuilder
Company.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

perl v5.36.1   2023-09-13   Data::Password::zxcvbn::TimeEstimate(3)