Module: StrongPassword::NistBonusBits

Defined in:
lib/strong_password/nist_bonus_bits.rb

Constant Summary collapse

@@bonus_bits_for_password =
{}

Class Method Summary collapse

Class Method Details

.bonus_bits(password) ⇒ Object

NIST password strength rules allow up to 6 bonus bits for mixed case and non-alphabetic characters.



# File 'lib/strong_password/nist_bonus_bits.rb', line 6

# Returns the bonus-bit adjustment for +password+, computing it on first use
# and serving repeat calls from the class-level cache.
#
# NOTE(review): the cache is keyed by the password itself, so every distinct
# plaintext password passed in stays referenced by @@bonus_bits_for_password,
# and the hash keeps growing, until reset_bonus_cache! is called. The scoring
# is only a handful of regex matches; consider dropping or bounding the cache
# so secrets are not retained for the life of the process.
#
# @param password [String] candidate password to score
# @return [Integer] the value produced by calculate_bonus_bits_for
def self.bonus_bits(password)
  @@bonus_bits_for_password[password] ||= calculate_bonus_bits_for(password)
end

.calculate_bonus_bits_for(password) ⇒ Object



# File 'lib/strong_password/nist_bonus_bits.rb', line 17

# Scores the character composition and word spacing of +password+ as a
# (possibly negative) number of bonus entropy bits.
#
# Composition: mixed case plus a symbol earns 5, or 6 when a digit is also
# present; digits with no letters are penalised (-2 with a symbol, -6 without);
# anything else scores 0.
# Spacing: no space character costs 2; more than three whitespace-separated
# words earns 1.
#
# @param password [String] candidate password to score
# @return [Integer] sum of the composition and spacing adjustments
def self.calculate_bonus_bits_for(password)
  has_upper  = /[[:upper:]]/.match?(password)
  has_lower  = /[[:lower:]]/.match?(password)
  has_digit  = /[[:digit:]]/.match?(password)
  # "Symbol" here means anything outside ASCII letters, ASCII digits and the
  # space character, so tabs, newlines and non-ASCII letters also count.
  has_symbol = /[^a-zA-Z0-9 ]/.match?(password)
  has_space  = / /.match?(password)

  mixed_case = has_upper && has_lower
  no_letters = !has_upper && !has_lower

  composition_bits =
    if mixed_case && has_symbol
      has_digit ? 6 : 5
    elsif has_digit && no_letters
      has_symbol ? -2 : -6
    else
      0
    end

  spacing_bits =
    if !has_space
      -2
    elsif password.split(/\s+/).length > 3
      1
    else
      0
    end

  composition_bits + spacing_bits
end

.reset_bonus_cache! ⇒ Object

This smells bad as it’s only used for testing…



# File 'lib/strong_password/nist_bonus_bits.rb', line 13

# Swaps the class-level bonus-bit cache for a new empty hash, so previously
# cached password keys are no longer referenced by this module.
#
# @return [Hash] the new, empty cache
def self.reset_bonus_cache!
  @@bonus_bits_for_password = Hash.new
end