.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "Data::Password::zxcvbn::TimeEstimate 3pm" .TH Data::Password::zxcvbn::TimeEstimate 3pm "2020-07-13" "perl v5.30.3" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Data::Password::zxcvbn::TimeEstimate \- functions to estimate cracking times .SH "VERSION" .IX Header "VERSION" version 1.0.4 .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 \& use Data::Password::zxcvbn::TimeEstimate qw(estimate_attack_times); \& my $estimates = estimate_attack_times($number_of_guesses); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This module provides functions for back-of-the-envelope crack time estimations, in seconds, based on a few scenarios. .SH "FUNCTIONS" .IX Header "FUNCTIONS" .ie n .SS """estimate_attack_times""" .el .SS "\f(CWestimate_attack_times\fP" .IX Subsection "estimate_attack_times" .Vb 1 \& my $estimates = estimate_attack_times($number_of_guesses); .Ve .PP Returns a hashref with two keys: .IP "\(bu" 4 \&\f(CW\*(C`crack_times_seconds\*(C'\fR .Sp hashref of back-of-the-envelope crack time estimations, in seconds, based on a few scenarios: .RS 4 .IP "\(bu" 4 \&\f(CW\*(C`online_throttling_100_per_hour\*(C'\fR .Sp online attack on a service that rate-limits authentication attempts .IP "\(bu" 4 \&\f(CW\*(C`online_no_throttling_10_per_second\*(C'\fR .Sp online attack on a service that doesn't rate-limit, or where an attacker has outsmarted rate-limiting. .IP "\(bu" 4 \&\f(CW\*(C`offline_slow_hashing_1e4_per_second\*(C'\fR .Sp offline attack. assumes multiple attackers, proper user-unique salting, and a slow hash function with moderate work factor, such as bcrypt, scrypt, \s-1PBKDF2.\s0 .IP "\(bu" 4 \&\f(CW\*(C`offline_fast_hashing_1e10_per_second\*(C'\fR .Sp offline attack with user-unique salting but a fast hash function like \&\s-1SHA\-1, SHA\-256\s0 or \s-1MD5. A\s0 wide range of reasonable numbers anywhere from one billion \- one trillion guesses per second, depending on number of cores and machines; ball-parking at 10B/sec. .RE .RS 4 .RE .IP "\(bu" 4 \&\f(CW\*(C`crack_times_display\*(C'\fR .Sp same keys as \f(CW\*(C`crack_times_seconds\*(C'\fR, but more useful for display: the values are arrayrefs \f(CW\*(C`["english string",$value]\*(C'\fR that can be passed to I18N libraries like \f(CW\*(C`Locale::Maketext\*(C'\fR to get localised versions with proper plurals .ie n .SS """guesses_to_score""" .el .SS "\f(CWguesses_to_score\fP" .IX Subsection "guesses_to_score" .Vb 1 \& my $score = guesses_to_score($number_of_guesses); .Ve .PP Returns an integer from 0\-4 (useful for implementing a strength bar): .IP "\(bu" 4 \&\f(CW0\fR .Sp too guessable: risky password. (\f(CW\*(C`guesses < 10e3\*(C'\fR) .IP "\(bu" 4 \&\f(CW1\fR .Sp very guessable: protection from throttled online attacks. (\f(CW\*(C`guesses < 10e6\*(C'\fR) .IP "\(bu" 4 \&\f(CW2\fR .Sp somewhat guessable: protection from un-throttled online attacks. (\f(CW\*(C`guesses < 10e8\*(C'\fR) .IP "\(bu" 4 \&\f(CW3\fR .Sp safely un-guessable: moderate protection from offline slow-hash scenario. (\f(CW\*(C`guesses < 10e10\*(C'\fR) .IP "\(bu" 4 \&\f(CW4\fR .Sp very un-guessable: strong protection from offline slow-hash scenario. (\f(CW\*(C`guesses >= 10e10\*(C'\fR) .ie n .SS """display_time""" .el .SS "\f(CWdisplay_time\fP" .IX Subsection "display_time" .Vb 2 \& my ($string,@values) = @{ display_time($time) }; \& print My::Localise\->get_handle\->maketext($string,@values); .Ve .PP Given a \f(CW$time\fR in seconds, returns an arrayref suitable for \&\f(CW\*(C`Locale::Maketext\*(C'\fR, like: .PP .Vb 1 \& [ \*(Aqquant,_1,day\*(Aq, 23 ] .Ve .SH "AUTHOR" .IX Header "AUTHOR" Gianni Ceccarelli .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" This software is copyright (c) 2018 by BroadBean \s-1UK,\s0 a CareerBuilder Company. .PP This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.