From 441a86cd8c9f79d8011e9804686ae26594f37a34 Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Mon, 14 Oct 2024 18:39:24 +0200 Subject: [PATCH] remove mean stuff, doesn't work properly --- README.md | 16 -------------- lib.go | 55 +++++----------------------------------------- lib_test.go | 63 ----------------------------------------------------- 3 files changed, 5 insertions(+), 129 deletions(-) diff --git a/README.md b/README.md index 9390d42..9629a0e 100644 --- a/README.md +++ b/README.md @@ -87,21 +87,6 @@ Of course we do not use RLE. We measure compression using the [Flate algorithm]( https://en.m.wikipedia.org/wiki/Deflate). -### Optional: arithmetic mean value - -This is simply the result of summing the all the printable ascii chars -divided by password length. The ideal value would be ~80, because most -normal letters hang out in the upper area between 32 (space) and -126(tilde). We consider a password ok, if its mean lies around this -area give or take 5. If the mean departs more from this value, the -characters are consistently high or low (e.g. more numbers and upper -case letters or only lower case letters). The latter, 5, can be -tweaked. The larger the number, tha laxer the result. - -Please be warned, that this metric will in most cases give you bad -results on otherwise good passwords, such as diceware passwords. Only -use it if you know what you're doing. - ### Optional: dictionary check You can supply a dictionary of words of your @@ -149,7 +134,6 @@ type Options struct { CharDistribution float64 // minimum character distribution in percent, default 10% Entropy float64 // minimum entropy value in bits/char, default 3 bits/s Dictionary *Dictionary // lookup given dictionary, the caller has to provide it - MeanDeviation float64 // minimum arithmetic mean deviation, by default disabled, standard 5 } ``` diff --git a/lib.go b/lib.go index 692d45d..fefc19d 100644 --- a/lib.go +++ b/lib.go @@ -26,27 +26,18 @@ type Options struct { CharDistribution float64 // minimum character distribution in percent, default 10% Entropy float64 // minimum entropy value in bits/char, default 3 bits/s Dictionary *Dictionary // lookup given dictionary, the caller has to provide it - MeanDeviation float64 // minimum arithmetic mean deviation, by default disabled, standard 5 } const ( - MIN_COMPRESS int = 10 - MIN_DIST float64 = 10.0 - MIN_ENTROPY float64 = 3.0 - MIN_DICT_LEN int = 5000 - MAX_CHARS int = 95 // maximum printable US ASCII chars - LIMIT_MEAN_DEVIATION float64 = 20 + MIN_COMPRESS int = 10 + MIN_DIST float64 = 10.0 + MIN_ENTROPY float64 = 3.0 + MIN_DICT_LEN int = 5000 + MAX_CHARS int = 95 // maximum printable US ASCII chars // we start our ascii arrays at char(32), so to have max 95 // elements in the slice, we subtract 32 from each ascii code ascii_base byte = 32 - - // arithmetic mean limits: we work on chr(32) til chr(126) in - // ascii. The mean value, however, is not 63 as one would suppose, - // but 80, because most used printable ascii chars exist in the - // upper area of the space. So, we take 80 as the middle ground - // and go beyond 5 up or down - mean_base float64 = 80 ) // Result stores the results of all validations. @@ -56,7 +47,6 @@ type Result struct { Compress int // actual compression rate in percent CharDistribution float64 // actual character distribution in percent Entropy float64 // actual entropy value in bits/chars - Mean float64 // actual arithmetic mean, close to 127.5 is best } // Validate validates a given password. You can tune its behavior @@ -73,7 +63,6 @@ func Validate(passphrase string, opts ...Options) (Result, error) { CharDistribution: MIN_DIST, Entropy: MIN_ENTROPY, Dictionary: nil, - MeanDeviation: 0, } if len(opts) == 1 { @@ -133,16 +122,6 @@ func Validate(passphrase string, opts ...Options) (Result, error) { } } - if options.MeanDeviation > 0 { - mean := getArithmeticMean(passphrase) - - if mean > (mean_base+options.MeanDeviation) || mean < (mean_base-options.MeanDeviation) { - result.Ok = false - } - - result.Mean = mean - } - return result, nil } @@ -263,27 +242,3 @@ func getDictMatch(passphrase string, dict *Dictionary) (bool, error) { return false, nil } - -/* -* Return the arithmetic mean value: - - This is simply the result of summing the all the bytes (bits if the - --b option is specified) in the file and dividing by the file -length. If the data are close to random, this should be about 127.5 -(0.5 for -b option output). If the mean departs from this value, the -values are consistently high or low. - - Working on US-ASCII space -*/ -func getArithmeticMean(passphrase string) float64 { - sum := 0.0 - count := 0.0 - - for _, char := range []byte(passphrase) { - sum += float64(char) - count++ - } - - return sum / count -} diff --git a/lib_test.go b/lib_test.go index 186a68d..d991e60 100644 --- a/lib_test.go +++ b/lib_test.go @@ -171,59 +171,6 @@ var pass_dict_bad = []string{ `effected`, `ministry`, } -var pass_mean_bad = []string{ - `UT6RTLTNAK3JN2UVWJGXSLHKT4P3ECXJ`, - `L4HENABMJR0UZBFSFV0GPSXWZ4HEMOHO`, - `YTYPHSGR8XHP4C85T3YZFF4TG2OLMQVF`, - `TWAGHNVLMYR5RW67RNKUO8K3SPYAJID2`, - `MU0OCIE9ZUYBFLMSKWKCLTSWKZ6GBTLM`, - `GHBSLIVXCJCVUNTJBSPHXZUSE906QGZH`, - `PZWQMRNG8LDRTY9GVELRALXCO181O8AK`, - `KZYKWCUZWDG4OSREEKCKOA58JQMRUUBZ`, - `CKZWG3H6A2TJKJDPEFX2CESMPYTA7WBF`, - `RT8HGYUBUNUJMF0SLWKW8JISCRSG6L6M`, - `368WCV4PGAWE1MWZJWZU8JPEQILMEBHV`, - `W6HVUTBNAGJN4ABMWEKK5OHTIXUYTPDG`, - `GZXQAEWMNSKJDYVQRPYIQXJTPIDHMF9T`, - `AWTJNUFOTML7GC2OC04K74F30AO9A2VJ`, - `MTHJUGOHCTYNWICVVNEMETRYA2L2QHBE`, - `XHTUQVYNSBPTH8TWCRMMV6BILHV6KYOP`, - `MTNAROLNNZZBARVNKGGVLL8VR682GQUP`, - `3VDYD0CJGFQ1UQKTRQOUQ5FZ4PROITVQ`, - `JWOFUTKGTVG035HUFTTWHGLECAX5IYMX`, - `DVVMB6XXZPALLFMEFJRMSZUZIRU7CLNF`, - `QCNKZ82LGDHT97LGJKLEVUSU1MSX7FNH`, - `HWNZDPHHFIDO88FB4KMJSTBI35FEJUCN`, - `1MJ7DRGDQ9BETU5JJ3NPUEWVSLZB9WGP`, - `TCVC1RLXKIKGIVYGGWOEQXDRSHQJCJUA`, - `BYMT86DO8VNU0UF0FFOC3EPLMLANAYY5`, - `OPEBVIMRKAAGURO3BQAGFSZQ0MV9OBAJ`, - `BKZUICCERVRZCFPSMFZPY1UHPFEDJLUH`, - `ECWSDOGFI1PXHI2ZAP06O1CT8USL7HLM`, - `ZRNFW4CWXP5HHYBETZQFTNOL6AJ8ZMXZ`, - `UDV3CHYM4YJUFMIS9QCHWEO1DIZ7PH59`, - `KS7FYTZ12TAZ8J3MTZAPT7TGXMYNABGX`, - `BFNAM5SRZQGO9ENP1E14GGJR8HDZZUHS`, - `34IIW3TPK2IUDTYVSEGNHNR0RLI1TL7B`, - `7TMGYVOA4NRHSY6TF6MRHHFJ07GOW2YR`, - `SDS0RTQUPVAGDMNYXYCVJEV2MDT4IH5S`, - `IQMMSGHI5JNG5VIV5K6N11WCGGGCSBWP`, - `11LMWSI2YPRMOJ9MBIA4IPKFPOJPS71U`, - `CPMXAMBOTBQ6AHXJ1FRHWBWZUX8TENST`, - `LEHQVCBRSSHY482UU1MZJZGFHWKWE716`, - `KMCGTBIYSJXDURAX5F1QQQB3Y1UU2EF6`, - `VPPZ8UFNTXAANQWDIDIAQJACVZPQIQ94`, - `CQ3GOBWGX91FT1SVVLOLCDX54HWUYLKO`, - `DKRJ7CX5JCKHEKI2JKMVPCHRCT3IKKUK`, - `XILAMTWXXGAHHMEUPNXBP5HQEGKCFH8X`, - `OGJ7A3RNOCSGPPUXSPOING6AYUNZ8OSR`, - `LB1XL9YWUXX6Q7GJBDI0BISHG7V1PAXY`, - `YRUJYIOYDNYBUBQK0YY02WA45YNGTKMS`, - `UTPTMOILT9WI3O2ZPPASMHQYCJPO2HTT`, - `J6NXVXG5FN9CTWYEYQBLFVZSSALFDJEF`, - `CQC84VGBZMJ65I8XLRF2PBMK5X86BVMC`, -} - var pass_dictsub_bad = []string{ `regational`, `iminalizat`, `rconductiv`, `substantia`, `oritativen`, `trocardiog`, `communicat`, `aracterist`, @@ -272,10 +219,6 @@ var opts_invaliddict = valpass.Options{ Dictionary: &valpass.Dictionary{Words: []string{"eins", "zwei", "drei"}}, } -var opts_mean = valpass.Options{ - MeanDeviation: 15, // very lax in order to succeed! -} - var tests = []Test{ { name: "checkgood", @@ -295,12 +238,6 @@ var tests = []Test{ opts: opts_dictsub, passwords: Passwordlist{pass_dictsub_bad}, }, - { - name: "checkgood-mean", - want: true, - opts: opts_mean, - passwords: Passwordlist{pass_random_good}, - }, { name: "checkbad", want: false,