Einzelnen Beitrag anzeigen

Benutzerbild von negaH
negaH

Registriert seit: 25. Jun 2003
Ort: Thüringen
2.950 Beiträge
 
#5

Re: Passwort auf Sicherheit prüfen

  Alt 8. Jul 2003, 01:59
Man muß die Entropy der Zeichen berechnen. Damit ist sozusagen die Redundanz der vorkommenden Zeichen gemeint. Je weniger redundant eine Passphrase ist je besser ist die Qualität.

Delphi-Quellcode:
function PassphraseQuality(const Password: String): Extended;
// returns computed Quality in range 0.0 to 1.0
// source extracted from Delphi Encryption Compendium, DEC

  function Entropy(P: PByteArray; L: Integer): Extended;
  var
    Freq: Extended;
    I: Integer;
    Accu: array[Byte] of LongWord;
  begin
    Result := 0.0;
    if L <= 0 then Exit;
    FillChar(Accu, SizeOf(Accu), 0);
    for I := 0 to L-1 do Inc(Accu[P[I]]);
    for I := 0 to 255 do
      if Accu[I] <> 0 then
      begin
        Freq := Accu[I] / L;
        Result := Result - Freq * (Ln(Freq) / Ln(2));
      end;
  end;

  function Differency: Extended;
  var
    S: String;
    L,I: Integer;
  begin
    Result := 0.0;
    L := Length(Password);
    if L <= 1 then Exit;
    SetLength(S, L-1);
    for I := 2 to L do
      Byte(S[I-1]) := Byte(Password[I-1]) - Byte(Password[I]);
    Result := Entropy(Pointer(S), Length(S));
  end;

  function KeyDiff: Extended;
  const
    Table = '^1234567890ß´qwertzuiopü+asdfghjklöä#<yxcvbnm,.-°!"§$%&/()=?`QWERTZUIOPÜ*ASDFGHJKLÖÄ''>YXCVBNM;:_';
  var
    S: String;
    L,I,J: Integer;
  begin
    Result := 0.0;
    L := Length(Password);
    if L <= 1 then Exit;
    S := Password;
    UniqueString(S);
    for I := 1 to L do
    begin
      J := Pos(S[I], Table);
      if J > 0 then S[I] := Char(J);
    end;
    for I := 2 to L do
      Byte(S[I-1]) := Byte(S[I-1]) - Byte(S[I]);
    Result := Entropy(Pointer(S), L-1);
  end;

const
  GoodLength = 10.0; // good length of Passphrases
var
  L: Extended;
begin
  Result := Entropy(Pointer(Password), Length(Password));
  if Result <> 0 then
  begin
    Result := Result * (Ln(Length(Password)) / Ln(GoodLength));
    L := KeyDiff + Differency;
    if L <> 0 then L := L / 64;
    Result := Result * L;
    if Result < 0 then Result := -Result;
    if Result > 1 then Result := 1;
  end;
end;
Gruß Hagen
  Mit Zitat antworten Zitat