开发者

How can I programmatically create/detect keyboard runs in passwords?

I'm looking for a method to create a list of or detect keyboard runs in a password.

I can bound my problem with pas开发者_运维问答sword criteria such as length and number of special characters required.

An example simple key run could be "6yhn^YHN" or "zse4ZSE$".

More complicated key runs could be in different shapes, like a 'V' or 'X' (e.g. "mko0mju7MKO)MJU&")

The initial idea for this was for doing statistical analysis on large password dumps and seeing the prevalence of key run only passwords, but I think it could have positive applications in password strength enforcement tools.


You're not going to do this with regex.

You're going to need to create a graph data structure modeling the keyboard, with each key being a node and the edges being assigned a direction (so node G would have an edge with direction Right and destination H). You could also have an edge going from a key to it's shifted version (or from shifted to unshifted). You can then test for a run in a password by checking that it follows the graph in a consistent direction for N characters.

There's a very large number of possible runs on a keyboard, so I'm not sure that a password that is composed of runs is less secure than other possible passwords...


I don't see how this is related to regex - do you think you can do this with regular expressions? I can't see how.

I think it's a graphing problem, no? Build a graph with all the edges between keys and their neighbors, and then traverse the input and see if it represents a valid traversal of the graph. Your "more complicated runs" are essentially just backtracking - if the next key in the input is not an edge in your graph, go back to the beginning (or maybe backtrack one by one, if you want to cover "T" or other variations?) and see if you can keep traversing...

It's a pretty vague answer for a pretty vague question, wouldn't you say?


This actually probably wouldn't be that hard. Store a collection of objects that represent characters, with properties on them like TL, BR, T, BL (Top Left, Bottom Right, Top, Bottom Left) so for example:

a = RunKey.get("A");



public class RunKey{

    public static Key get(Character char){
        switch(char){
            case A,a: return new A();
            break;
            // one for every letter
        }
     }
 }

 private class A extends RunKey implements IRunKey{

     public IRunKey BR(){
         return new Z();
     }

     public IRunKey TR(){
         return new W();
     }

     public IRunKey T(){
         return new Q();
     }

     public Direction getDirection(Character char){
         tempRunKey = Runkey.get(char);
         if (tempRunKey.T.toString == "char"){
             return T;
         }
     }
 }

I started getting crazy creating a "Direction" interface so its a little more complicated than at first but you only have so many complications and relatively simple objects, so if you kept it light then it would probably remain pretty fast.

I feel like a dynamic language might be the best for something like this...

And yes, as other answers note, regex would not work.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜