Registriert seit: 25. Jun 2003
Ort: Thüringen
2.950 Beiträge
|
Re: Passwort auf Sicherheit prüfen
8. Jul 2003, 01:59
Man muß die Entropy der Zeichen berechnen. Damit ist sozusagen die Redundanz der vorkommenden Zeichen gemeint. Je weniger redundant eine Passphrase ist je besser ist die Qualität.
Delphi-Quellcode:
function PassphraseQuality( const Password: String): Extended;
// returns computed Quality in range 0.0 to 1.0
// source extracted from Delphi Encryption Compendium, DEC
function Entropy(P: PByteArray; L: Integer): Extended;
var
Freq: Extended;
I: Integer;
Accu: array[Byte] of LongWord;
begin
Result := 0.0;
if L <= 0 then Exit;
FillChar(Accu, SizeOf(Accu), 0);
for I := 0 to L-1 do Inc(Accu[P[I]]);
for I := 0 to 255 do
if Accu[I] <> 0 then
begin
Freq := Accu[I] / L;
Result := Result - Freq * (Ln(Freq) / Ln(2));
end;
end;
function Differency: Extended;
var
S: String;
L,I: Integer;
begin
Result := 0.0;
L := Length(Password);
if L <= 1 then Exit;
SetLength(S, L-1);
for I := 2 to L do
Byte(S[I-1]) := Byte(Password[I-1]) - Byte(Password[I]);
Result := Entropy(Pointer(S), Length(S));
end;
function KeyDiff: Extended;
const
Table = ' ^1234567890ß´qwertzuiopü+asdfghjklöä#<yxcvbnm,.-°!"§$%&/()=?`QWERTZUIOPÜ*ASDFGHJKLÖÄ'' >YXCVBNM;:_';
var
S: String;
L,I,J: Integer;
begin
Result := 0.0;
L := Length(Password);
if L <= 1 then Exit;
S := Password;
UniqueString(S);
for I := 1 to L do
begin
J := Pos(S[I], Table);
if J > 0 then S[I] := Char(J);
end;
for I := 2 to L do
Byte(S[I-1]) := Byte(S[I-1]) - Byte(S[I]);
Result := Entropy(Pointer(S), L-1);
end;
const
GoodLength = 10.0; // good length of Passphrases
var
L: Extended;
begin
Result := Entropy(Pointer(Password), Length(Password));
if Result <> 0 then
begin
Result := Result * (Ln(Length(Password)) / Ln(GoodLength));
L := KeyDiff + Differency;
if L <> 0 then L := L / 64;
Result := Result * L;
if Result < 0 then Result := -Result;
if Result > 1 then Result := 1;
end;
end;
Gruß Hagen
|
|
Zitat
|