NAME

Data::Password::zxcvbn::Match::UserInput - match class for words that match other user-supplied information

VERSION

version 1.0.6

DESCRIPTION

This class represents the guess that a certain substring of a password can be guessed by using other pieces of information related to the user: their account name, real name, location, &c.

This is a subclass of Data::Password::zxcvbn::Match::Dictionary.

METHODS

make

my @matches = @{ Data::Password::zxcvbn::Match::UserInput->make(
  $password,
  {
    user_input => \%user_input,
    # this is the default
    l33t_table => \%Data::Password::zxcvbn::Match::Dictionary::l33t_table,
  },
) };

The %user_input hash should be a simple hash mapping field names to strings. It will be converted into a set of dictionaries, one per key, containing words extracted from the strings. For example

{ name => 'Some One', address => '123 Place Street' }

will become:

{ name => { Some => 1, One => 1 },
  address => { 123 => 1, Place => 1, Street => 1 } }

All words get rank 1 because they're obvious guesses from a cracker's point of view.

The rest of the logic is the same as for Dictionary.

feedback_warning

The warnings for this class are very similar to those for Dictionary, but they explicitly mention the field name. Warnings look like:

['The value of the [_1] field is easy to guess','address']

so your localisation library can translate the warning and the field name separately.

AUTHOR

Gianni Ceccarelli <gianni.ceccarelli@broadbean.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2022 by BroadBean UK, a CareerBuilder Company.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.