1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
Name: C++ port of zxcvbn, an advanced password strength estimation library.
Short Name: zxcvbn-cpp
URL: https://thelig.ht/code/zxcvbn-cpp
Version: N/A
Date: 2024-07-10
Revision: 6559806fc0c1671aa2d77dfc66e1d4784a57beaa
Update Mechanism: Manual
License: MIT
License File: LICENSE.txt
Security Critical: yes
Shipped: yes
Description:
A realistic password strength estimator. https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
Used in the Password Manager to inform users about weak passwords.
Update:
Chromium-specific changes are in google.patch. To update the patch, follow these
steps, or simply run update_google_patch.sh from the commandline.
1) Checkout zxcvb-cpp:
$ git clone https://thelig.ht/code/zxcvbn-cpp
$ cd zxcvbn-cpp
$ git checkout 6559806fc0c1671aa2d77dfc66e1d4784a57beaa
2) Apply the existing patch:
$ patch -p1 -i ~/src/third_party/zxcvbn-cpp/google.patch
3) Make your new changes inside the git zxcvbn-cpp directory.
4) Generate the updated patch:
$ git diff > ~/src/third_party/zxcvbn-cpp/google.patch
Applied the following changes:
- Fix compilation under clang with -Werror and
-DUNICODE.
- Removes static initializers in
adjacency_graphs.hpp and adjacency_graphs.cpp and greatly reduces binary size
impact by replacing optional std::strings with std::string_view.
- Removes static initializers elsewhere by
either inlining the expression, or making use of static base::NoDestructors.
- Adds a ParseRankedDictionary API to
frequency_lists.hpp to support providing the dictionaries via component
updater and adds an option to build_frequency_lists.py to output the processed
text files. Furthermore, removes the need to auto generate
_frequency_lists.hpp and _frequency_lists.cpp
- Replaced string utilities from utils.cpp with //base's
UTF8 API.
- Fixes a bug inside scoring.cpp triggered when the
number of computed guesses exceeds DBL_MAX.
- Use base::flat_map instead of std::unordered_map
for ranked dictionaries to reduce memory foot print.
- Switched the regex engine in matching.cpp from
std::regex to ICU's regex, so that repeat matches work with multi-byte code
points. Also guarded an assert in scoring.cpp that was hit for non-ASCII
passwords.
- Dropped the data dictionary from the check-out, as the data will now be
provided via component updater. The used dictionaries can be found at
https://github.com/rianhunter/zxcvbn-cpp/tree/cf092c952cd2325ce390b2691231a8f1cb195d59/data
- Removed the demo/ folder and zxcvbnn_post.js from the checkout. They only
contained JavaScript that is irrevelant for the intended usage in Chromium.
- Removed Python sources, unneeded config files, JavaScript bindings, C wrapper
and incomplete C++ entrypoints from native-src, since they are unused / not
necessary for Chromium
- Reduce browser memory usage by ~2.0 MiB on
64bit, ~0.65 MiB on 32bit (https://crrev.com/c/2842124).
- Adds a wrapper around the binary blob that
the contents of RankedDicts to allow reading it either directory from memory
or from a memory mapped file.
- Explicitly include <utility> in optional.hpp to
remove an implicit transitive include dependency in libc++ that will no longer
exist once Chrome is built with -fmodules.
- Replace usages of std::wstring_convert with
//base equivalents as the former is deprecated in C++17.
- Add a getter for testing and replace
StringPiece with std::string_view.
Ran the following commands to generate adjacency graphs:
$ python ./data-scripts/build_keyboard_adjacency_graphs.py ./native-src/zxcvbn/adjacency_graphs.hpp
$ python ./data-scripts/build_keyboard_adjacency_graphs.py ./native-src/zxcvbn/adjacency_graphs.cpp
Ported test/test-matching.coffee and test/test-scoring.coffee to C++ unitests
(test/matching_unittest.cc and test/scoring_unittest.cc).
Added fuzzers for matching and scoring (test/matching_fuzzer.cc and
test/scoring_fuzzer.cc).
|
