forked from dropbox/zxcvbn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.d.ts
222 lines (185 loc) · 6 KB
/
index.d.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
declare function zxcvbn(password: string, userInputs?: string[]): zxcvbn.ZXCVBNResult;
export = zxcvbn;
declare namespace zxcvbn {
interface ZXCVBNResult {
/**
* estimated guesses needed to crack password
*/
guesses: number;
/**
* order of magnitude of result.guesses
*/
guesses_log10: number;
/**
* dictionary of back-of-the-envelope crack time
* estimations, in seconds, based on a few scenarios.
*/
crack_times_seconds: ZXCVBNAttackTime;
/**
* same keys as result.crack_times_seconds,
* with friendlier display string values:
* "less than a second", "3 hours", "centuries", etc.
*/
crack_times_display: ZXCVBNAttackTime;
/**
* Integer from 0-4 (useful for implementing a strength bar):
* 0 too guessable: risky password. (guesses < 10^3)
* 1 very guessable: protection from throttled online attacks. (guesses < 10^6)
* 2 somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
* 3 safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
* 4 very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
*/
score: ZXCVBNScore;
/**
* verbal feedback to help choose better passwords. set when score <= 2.
*/
feedback: ZXCVBNFeedback;
/**
* the list of patterns that zxcvbn based the
* guess calculation on.
*/
sequence: ZXCVBNSequence[];
/**
* how long it took zxcvbn to calculate an answer,
* in milliseconds.
*/
calc_time: number;
}
type ZXCVBNScore = 0 | 1 | 2 | 3 | 4;
interface ZXCVBNAttackTime {
/**
* online attack on a service that ratelimits password auth attempts.
*/
online_throttling_100_per_hour: string | number;
/**
* online attack on a service that doesn't ratelimit,
* or where an attacker has outsmarted ratelimiting.
*/
online_no_throttling_10_per_second: string | number;
/**
* offline attack. assumes multiple attackers,
* proper user-unique salting, and a slow hash function
* w/ moderate work factor, such as bcrypt, scrypt, PBKDF2.
*/
offline_slow_hashing_1e4_per_second: string | number;
/**
* offline attack with user-unique salting but a fast hash
* function like SHA-1, SHA-256 or MD5. A wide range of
* reasonable numbers anywhere from one billion - one trillion
* guesses per second, depending on number of cores and machines.
* ballparking at 10B/sec.
*/
offline_fast_hashing_1e10_per_second: string | number;
}
interface ZXCVBNFeedback {
/**
* explains what's wrong, eg. 'this is a top-10 common password'.
* not always set -- sometimes an empty string
*/
warning: ZXCVBNFeedbackWarning;
/**
* a possibly-empty list of suggestions to help choose a less
* guessable password. eg. 'Add another word or two'
*/
suggestions: string[];
}
type ZXCVBNFeedbackWarning =
| "Straight rows of keys are easy to guess"
| "Short keyboard patterns are easy to guess"
| "Use a longer keyboard pattern with more turns"
| 'Repeats like "aaa" are easy to guess'
| 'Repeats like "abcabcabc" are only slightly harder to guess than "abc"'
| "Sequences like abc or 6543 are easy to guess"
| "Recent years are easy to guess"
| "Dates are often easy to guess"
| "This is a top-10 common password"
| "This is a top-100 common password"
| "This is a very common password"
| "This is similar to a commonly used password"
| "A word by itself is easy to guess"
| "Names and surnames by themselves are easy to guess"
| "Common names and surnames are easy to guess"
| "";
interface ZXCVBNSequence {
/**
* if sequence is ascending.
*/
ascending: boolean;
/**
* the base number of guesses.
*/
base_guesses: number;
/**
* the base match to relate to.
*/
base_matches: string;
/**
* the base token to relate to.
*/
base_token: string;
/**
* the dictionary this sequence was found in.
*/
dictionary_name: string;
/**
* estimated guesses needed to crack sequence.
*/
guesses: number;
/**
* order of magnitude of guesses.
*/
guesses_log10: number;
/**
* sequence index.
*/
i: number;
/**
* sequence section number.
*/
j: number;
/**
* is part of l33t speak.
*/
l33t: boolean;
/**
* how many variations of l33t speak.
*/
l33t_variations: number;
/**
* the word that was matched in dictionary.
*/
matched_word: string;
/**
* what type of pattern the sequence contains.
*/
pattern: string;
/**
* the rank of the sequence in the dictionary.
*/
rank: number;
/**
* how many times the sequence is repeated.
*/
repeat_count: number;
/**
* is reveresed.
*/
reversed: boolean;
/**
* what type of sequence it is.
*/
sequence_name: string;
/**
* how much space the sequence has left.
*/
sequence_space: number;
/**
* the token the sequence is based off.
*/
token: string;
/**
* uppercase variations of the token.
*/
uppercase_variations: number;
}
}