Package org.owasp.passfault.finders

Source Code of org.owasp.passfault.finders.RandomClassesFinder

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
/* ©Copyright 2014 Cameron Morris */
package org.owasp.passfault.finders;

import org.owasp.passfault.PasswordPattern;
import org.owasp.passfault.PasswordResults;
import org.owasp.passfault.PatternFinder;
import org.owasp.passfault.RandomPattern;
import org.owasp.passfault.RandomPattern.RandomClasses;
/**
* This class seems to contradict the RandomPattern class.  RandomPattern takes any characters
* between found finders and calculates the random value.  It doesn't look for finders, instead it calculates
* the size of the characters-sets used.  So, for example, 1234#$%^ will be evaluated as 8 random characters
* from the numbers and letters.  Instead it should be 4 digits and four letters, since this is easier to crack.
* So this pattern finder will look for sequences of numbers and special chars that are greater than the threshold
* (with a default of three).
*
* One down-side of this pattern finder is it reports lots of finders.  Each subset as large as the threshold will be
* reported.
*
* See the RandomClassesFinderTest for examples.
*
* @author cam
*/
public class RandomClassesFinder
  implements PatternFinder
{
  private final int threshold;
 
  public RandomClassesFinder(int threshold){
    this.threshold = threshold;
  }
  public RandomClassesFinder(){
    this(3);
  }
 
  @Override
  public void analyze(PasswordResults pass)
    throws Exception
  {
    CharSequence chars = pass.getCharSequence();
    RandomClasses previousType = null;
    int typeCount = 0;
    for(int i=0, len = chars.length(); i<len; i++){
      char ch = chars.charAt(i);
      RandomClasses type = RandomClasses.getRandomClass(ch);
      if (type == previousType){
        typeCount++;
        reportPattern(pass, i, typeCount, type);
      } else {
        typeCount = 1;
        previousType = type;
      }
    }
  }

  private void reportPattern(PasswordResults pass, int currentIndex, int countOfType, RandomClasses type)
  {
    if (countOfType >= threshold && (type == RandomClasses.Numbers || type == RandomClasses.SpecialChars) ){
      int start = (currentIndex+1)-countOfType;
      //report every sequence from the first type to the current index
      for(int i=start; i <= start + countOfType - threshold; i++){
        CharSequence chars = pass.getCharSequence().subSequence(i, currentIndex+1);
        double size = Math.pow(type.getSize(),  countOfType);
       
        PasswordPattern pattern = new PasswordPattern(
            i, chars.length(), chars, size,
            "Random Characters with:" + type.name(), RandomPattern.RANDOM_PATTERN, type.name());
        pass.foundPattern(pattern);
      }
    }
  }
}
TOP

Related Classes of org.owasp.passfault.finders.RandomClassesFinder

  • org.owasp.passfault.FinderByPropsBuilder
  • org.owasp.passfault.finders.RandomClassesFinderTest
  • org.owasp.passfault.PasswordPattern
  • org.owasp.passfault.RandomPattern.RandomClasses
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.