コード例 #1
        /// <summary>
        /// Lazily yields hex passwords: each item is the lower-case hex rendering
        /// (two digits per byte) of the bytes returned by one call to
        /// <c>random.GetRandomBytes(length)</c>.
        /// </summary>
        /// <param name="random">Source of the random bytes.</param>
        /// <param name="length">Byte count requested per password; capped at MaxLength.</param>
        /// <param name="count">Number of passwords to produce; capped at MaxCount.</param>
        /// <returns>
        /// An empty sequence when either capped value is zero or negative, otherwise
        /// <paramref name="count"/> hex strings.
        /// </returns>
        /// <remarks>
        /// This is an iterator, so the statistics log, the entropy feed and the throttle
        /// increment after the loop only run once the caller has enumerated every item.
        /// A caller that stops enumerating early leaves the request uncounted.
        /// </remarks>
        private IEnumerable<string> SelectPasswords(IRandomNumberGenerator random, int length, int count)
        {
            // Caller-supplied sizes are capped before any random data is requested.
            length = Math.Min(length, MaxLength);
            count = Math.Min(count, MaxCount);
            if (length <= 0 || count <= 0)
            {
                yield break;
            }

            var timer = System.Diagnostics.Stopwatch.StartNew();

            int produced = 0;
            while (produced < count)
            {
                var raw = random.GetRandomBytes(length);
                yield return string.Concat(raw.Select(b => b.ToString("x2")));
                produced++;
            }
            timer.Stop();

            // BytesRequested is only available on the cypher-based generator; any other
            // implementation reports zero.
            var prng = random as Terninger.Random.CypherBasedPrngGenerator;
            var bytesRequested = (int)(prng?.BytesRequested).GetValueOrDefault();

            RandomService.LogPasswordStat("Hex", count, timer.Elapsed, bytesRequested, IPAddressHelpers.GetHostOrCacheIp(Request).AddressFamily, HttpContext.GetApiKeyId());

            // Only an address with no recorded usage contributes request entropy.
            bool alreadySeen = IpThrottlerService.HasAnyUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request));
            if (!alreadySeen)
            {
                RandomService.AddWebRequestEntropy(this.Request);
            }
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), count);
        }
コード例 #2
        [OutputCache(Duration = 60 * 60)]       // Cache for one hour.
#endif
        // Reports, as JSON, how many distinct values exist for a hex password of the
        // requested byte length (256 possibilities per byte).
        //   l: requested length; DefaultLength is used when it is absent.
        // The length is capped at MaxLength but not floored, so a negative value reaches
        // Math.Pow unchanged and produces a fractional result.
        // NOTE(review): when the output-cache attribute above is compiled in, a response
        // served from cache presumably skips this body, so the usage increment would count
        // cache misses only - confirm that is intended.
        public ActionResult Combinations(int? l)
        {
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), 1);

            var effectiveLength = Math.Min(l ?? DefaultLength, MaxLength);
            var payload = new JsonCombinationContainer
            {
                combinations = Math.Pow(256, effectiveLength)
            };

            return new JsonNetResult(payload);
        }
コード例 #3
        [OutputCache(Duration = 60 * 60)]       // Cache for one hour.
#endif
        // Reports, as JSON, the number of combinations for a pronounceable password of
        // the requested syllable count.
        //   sc: requested syllable count; DefaultSyllableCount is used when it is absent.
        // The count is capped at MaxSyllableCount but not floored.
        // NOTE(review): when the output-cache attribute above is compiled in, a response
        // served from cache presumably skips this body, so the usage increment would count
        // cache misses only - confirm that is intended.
        public ActionResult Combinations(int? sc)
        {
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), 1);

            var syllableCount = Math.Min(sc ?? DefaultSyllableCount, MaxSyllableCount);

            // Per-syllable figure used by this endpoint: consonant x vowel choices, scaled
            // by the consonant count weighted with the two-consonant probability.
            var perSyllable = ConsonantSounds.Length * VowelSounds.Length * (ConsonantSounds.Length * ProbabilityOfTwoConsonantsInOneSyllable);

            var payload = new JsonCombinationContainer
            {
                combinations = Math.Pow(perSyllable, syllableCount)
            };

            return new JsonNetResult(payload);
        }
コード例 #4
 /// <summary>
 /// Stores the supplied services in this controller's fields; no other work is done.
 /// </summary>
 /// <param name="terninger">Random generator, kept in <c>_Terninger</c>.</param>
 /// <param name="ratingService">Kept in <c>_RatingService</c>.</param>
 /// <param name="statisticService">Kept in <c>_StatisticService</c>.</param>
 /// <param name="ipThrottler">Kept in <c>_IpThrottler</c>.</param>
 /// <param name="dictionaryService">Kept in <c>_DictionaryService</c>.</param>
 public ApiV1Controller(
     PooledEntropyCprngGenerator terninger,
     PasswordRatingService ratingService,
     PasswordStatisticService statisticService,
     IpThrottlerService ipThrottler,
     DictionaryService dictionaryService)
 {
     // Arguments are stored as given; none of them is null-checked here.
     this._DictionaryService = dictionaryService;
     this._IpThrottler = ipThrottler;
     this._StatisticService = statisticService;
     this._RatingService = ratingService;
     this._Terninger = terninger;
 }
コード例 #5
        [OutputCache(Duration = 60 * 60)]       // Cache for one hour.
#endif
        // Reports, as JSON, the number of combinations for a passphrase of the requested
        // word count: dictionary size raised to the word count.
        //   wc: requested word count; DefaultWords is used when it is absent.
        // The count is capped at MaxWords but not floored.
        // NOTE(review): when the output-cache attribute above is compiled in, a response
        // served from cache presumably skips this body, so the usage increment would count
        // cache misses only - confirm that is intended.
        public ActionResult Combinations(int? wc)
        {
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), 1);

            var wordCount = Math.Min(wc ?? DefaultWords, MaxWords);
            var words = Dictionary.Value;

            var payload = new JsonCombinationContainer
            {
                combinations = Math.Pow(words.Count, wordCount)
            };

            return new JsonNetResult(payload);
        }
コード例 #6
        /// <summary>
        /// Lazily yields pronounceable passwords assembled from consonant and vowel
        /// sounds, optionally separated by hyphens.
        /// </summary>
        /// <param name="random">Source of the random choices.</param>
        /// <param name="syllableCount">Syllables per password; capped at MaxSyllableCount.</param>
        /// <param name="count">Number of passwords to produce; capped at MaxCount.</param>
        /// <param name="hyphansBetweenSyllables">When true, a '-' separates the syllables.</param>
        /// <returns>
        /// An empty sequence when either capped value is zero or negative, otherwise
        /// <paramref name="count"/> passwords.
        /// </returns>
        /// <remarks>
        /// This is an iterator, so the statistics log, the entropy feed and the throttle
        /// increment after the loop only run once the caller has enumerated every item.
        /// </remarks>
        private IEnumerable<string> SelectPasswords(IRandomNumberGenerator random, int syllableCount, int count, bool hyphansBetweenSyllables)
        {
            syllableCount = Math.Min(syllableCount, MaxSyllableCount);
            count = Math.Min(count, MaxCount);
            if (syllableCount <= 0 || count <= 0)
            {
                yield break;
            }

            var timer = System.Diagnostics.Stopwatch.StartNew();
            var buffer = new StringBuilder();

            for (int produced = 0; produced < count; produced++)
            {
                for (int syllable = 0; syllable < syllableCount; syllable++)
                {
                    buffer.Append(ConsonantSounds[random.GetRandomInt32(ConsonantSounds.Length)]);
                    buffer.Append(VowelSounds[random.GetRandomInt32(VowelSounds.Length)]);

                    // The random draw for a trailing consonant is only made when the two
                    // character tests pass, so the tests must stay ahead of the draw.
                    bool trailingConsonantPossible = buffer[buffer.Length - 2] != 'g' && buffer[buffer.Length - 1] != 'h';
                    if (trailingConsonantPossible && random.GetRandomSingle() < ProbabilityOfTwoConsonantsInOneSyllable)
                    {
                        buffer.Append(ConsonantSounds[random.GetRandomInt32(ConsonantSounds.Length)]);
                    }

                    if (hyphansBetweenSyllables)
                    {
                        buffer.Append('-');
                    }
                }

                // Drop the separator that followed the final syllable.
                if (hyphansBetweenSyllables && buffer[buffer.Length - 1] == '-')
                {
                    buffer.Length--;
                }

                // Hand the password to the caller, then empty the buffer for the next one.
                yield return buffer.ToString();
                buffer.Clear();
            }
            timer.Stop();

            // BytesRequested is only available on the cypher-based generator; any other
            // implementation reports zero.
            var prng = random as Terninger.Random.CypherBasedPrngGenerator;
            var bytesRequested = (int)(prng?.BytesRequested).GetValueOrDefault();

            RandomService.LogPasswordStat("Pronouncable", count, timer.Elapsed, bytesRequested, IPAddressHelpers.GetHostOrCacheIp(Request).AddressFamily, HttpContext.GetApiKeyId());

            // Only an address with no recorded usage contributes request entropy.
            bool alreadySeen = IpThrottlerService.HasAnyUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request));
            if (!alreadySeen)
            {
                RandomService.AddWebRequestEntropy(this.Request);
            }
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), count);
        }
コード例 #7
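        [OutputCache(Duration = 60 * 60)]       // Cache for one hour.
#endif
        // Reports, as JSON, the number of PIN combinations for the requested length,
        // less the blacklisted PINs of that length, together with a rating of the result.
        //   l: requested length; DefaultLength is used when it is absent.
        // The length is capped at MaxLength but not floored.
        // NOTE(review): when the output-cache attribute above is compiled in, a response
        // served from cache presumably skips this body, so the usage increment would count
        // cache misses only - confirm that is intended.
        public ActionResult Combinations(int?l)
        {
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), 1);

            // Return information about the number of combinations as a JSON object.
            var result = new JsonCombinationContainer();
            var length = Math.Min(l.HasValue ? l.Value : DefaultLength, MaxLength);

            result.combinations  = Math.Pow(Characters.Length, length);

            // Count blacklist entries of the effective length. Comparing against the raw
            // parameter matched nothing when it was omitted (null) and matched the wrong
            // length when it exceeded MaxLength, which overstated the keyspace being rated.
            result.combinations -= (double)Blacklist.Value.Count(x => x.Length == length);
            result.rating        = PasswordRatingService.RatePin(result.combinations);
            return(new JsonNetResult(result));
        }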
コード例 #8
        [OutputCache(Duration = 60 * 60)]       // Cache for one hour.
#endif
        // Reports, as JSON, the number of combinations for a password of the requested
        // length drawn from either the full or the alphanumeric character set.
        //   l:   requested length; DefaultLength is used when it is absent.
        //   sym: passed to IsTruthy with DefaultSymbols as the fallback; a true result
        //        selects AllCharacters, otherwise AlphanumericCharacters.
        // The length is capped at MaxLength but not floored.
        // NOTE(review): when the output-cache attribute above is compiled in, a response
        // served from cache presumably skips this body, so the usage increment would count
        // cache misses only - confirm that is intended.
        public ActionResult Combinations(int? l, string sym)
        {
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), 1);

            var effectiveLength = Math.Min(l ?? DefaultLength, MaxLength);

            int alphabetSize;
            if (sym.IsTruthy(DefaultSymbols))
            {
                alphabetSize = AllCharacters.Length;
            }
            else
            {
                alphabetSize = AlphanumericCharacters.Length;
            }

            var payload = new JsonCombinationContainer
            {
                combinations = Math.Pow(alphabetSize, effectiveLength)
            };

            return new JsonNetResult(payload);
        }
コード例 #9
 /// <summary>
 /// Short-circuits the action with HTTP 429 when the throttler reports that the
 /// caller's address / API key has exceeded its limit; otherwise does nothing.
 /// </summary>
 /// <param name="filterContext">Context of the action about to run; its Result is set on rejection.</param>
 /// <remarks>
 /// NOTE(review): the limit is keyed on the value returned by GetHostOrCacheIp. If that
 /// helper reads a proxy or cache header (the name suggests it might), confirm the header
 /// is only honoured from trusted intermediaries, otherwise the key is caller-controlled.
 /// </remarks>
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     var clientAddress = IPAddressHelpers.GetHostOrCacheIp(filterContext.HttpContext.Request);
     var apiKeyId = filterContext.HttpContext.GetApiKeyId();
     if (!IpThrottlerService.HasExceededLimit(clientAddress, apiKeyId))
     {
         return;
     }

     // Ajax detection is not implemented: the flag is fixed to false, so the plain-text
     // description is the one that is always used. The JSON-style alternative is passed
     // as the status description and lacks its closing brace.
     // TODO: return a friendly message about IP limiting with appropriate HTTP status code.
     // TODO: return plain text details about the error.
     bool isAjaxRequest = false;
     string description = isAjaxRequest
         ? "{ 'message':'You have exceeded IP based limits. These will be lifted automatically within 2 hours.'"
         : "You have exceeded IP based limits. These will be lifted automatically within 2 hours.";

     filterContext.Result = new HttpStatusCodeResult(429, description);
 }
コード例 #10
        /// <summary>
        /// Lazily yields random PINs built from <c>Characters</c>, filtering candidates
        /// that appear in the blacklist.
        /// </summary>
        /// <param name="random">Source of the random choices.</param>
        /// <param name="length">Characters per PIN; capped at MaxLength.</param>
        /// <param name="count">Number of candidates to generate; capped at MaxCount.</param>
        /// <returns>
        /// An empty sequence when either capped value is zero or negative. Otherwise at
        /// most <paramref name="count"/> PINs: a rejected candidate is not replaced, so
        /// fewer items than requested may be returned.
        /// </returns>
        /// <remarks>
        /// This is an iterator, so the statistics log, the entropy feed and the throttle
        /// increment after the loop only run once the caller has enumerated every item.
        /// The logged and throttled figure is <paramref name="count"/>, not the number of
        /// PINs actually yielded.
        /// </remarks>
        private IEnumerable<string> SelectPins(IRandomNumberGenerator random, int length, int count)
        {
            length = Math.Min(length, MaxLength);
            count = Math.Min(count, MaxCount);
            if (length <= 0 || count <= 0)
            {
                yield break;
            }

            var timer = System.Diagnostics.Stopwatch.StartNew();
            var buffer = new StringBuilder();
            var blacklist = Blacklist.Value;

            int attempt = 0;
            while (attempt < count)
            {
                for (int position = 0; position < length; position++)
                {
                    buffer.Append(Characters[random.GetRandomInt32(Characters.Length)]);
                }

                var candidate = buffer.ToString();
                buffer.Clear();

                // A candidate outside the blacklist is always accepted, without a further draw.
                bool accepted = !blacklist.Contains(candidate);

                // 4 digit PINs starting with '19' are more likely, so weight them lower:
                // a blacklisted one is let through only when the extra draw returns 0.
                if (!accepted && length == 4 && candidate.Substring(0, 2) == "19")
                {
                    accepted = random.GetRandomInt32(0, 3) == 0;
                }

                if (accepted)
                {
                    yield return candidate;
                }

                attempt++;
            }
            timer.Stop();

            // BytesRequested is only available on the cypher-based generator; any other
            // implementation reports zero.
            var prng = random as Terninger.Random.CypherBasedPrngGenerator;
            var bytesRequested = (int)(prng?.BytesRequested).GetValueOrDefault();

            RandomService.LogPasswordStat("Pin", count, timer.Elapsed, bytesRequested, IPAddressHelpers.GetHostOrCacheIp(Request).AddressFamily, HttpContext.GetApiKeyId());

            // Only an address with no recorded usage contributes request entropy.
            bool alreadySeen = IpThrottlerService.HasAnyUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request));
            if (!alreadySeen)
            {
                RandomService.AddWebRequestEntropy(this.Request);
            }
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), count);
        }
コード例 #11
        /// <summary>
        /// Lazily yields random passwords drawn character by character from either
        /// <c>AllCharacters</c> or <c>AlphanumericCharacters</c>.
        /// </summary>
        /// <param name="random">Source of the random choices.</param>
        /// <param name="length">Characters per password; capped at MaxLength.</param>
        /// <param name="count">Number of passwords to produce; capped at MaxCount.</param>
        /// <param name="includeSymbols">True selects AllCharacters, false AlphanumericCharacters.</param>
        /// <returns>
        /// An empty sequence when either capped value is zero or negative, otherwise
        /// <paramref name="count"/> passwords.
        /// </returns>
        /// <remarks>
        /// This is an iterator, so the statistics log, the entropy feed and the throttle
        /// increment after the loop only run once the caller has enumerated every item.
        /// </remarks>
        private IEnumerable<string> SelectPasswords(IRandomNumberGenerator random, int length, int count, bool includeSymbols)
        {
            length = Math.Min(length, MaxLength);
            count = Math.Min(count, MaxCount);
            if (length <= 0 || count <= 0)
            {
                yield break;
            }

            var timer = System.Diagnostics.Stopwatch.StartNew();
            var alphabet = includeSymbols ? AllCharacters : AlphanumericCharacters;
            var buffer = new StringBuilder();

            int produced = 0;
            while (produced < count)
            {
                // One random index into the alphabet per output character.
                for (int position = 0; position < length; position++)
                {
                    buffer.Append(alphabet[random.GetRandomInt32(alphabet.Length)]);
                }

                yield return buffer.ToString();

                buffer.Clear();
                produced++;
            }
            timer.Stop();

            // BytesRequested is only available on the cypher-based generator; any other
            // implementation reports zero.
            var prng = random as Terninger.Random.CypherBasedPrngGenerator;
            var bytesRequested = (int)(prng?.BytesRequested).GetValueOrDefault();

            RandomService.LogPasswordStat("AlphaNumeric", count, timer.Elapsed, bytesRequested, IPAddressHelpers.GetHostOrCacheIp(Request).AddressFamily, HttpContext.GetApiKeyId());

            // Only an address with no recorded usage contributes request entropy.
            bool alreadySeen = IpThrottlerService.HasAnyUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request));
            if (!alreadySeen)
            {
                RandomService.AddWebRequestEntropy(this.Request);
            }
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), count);
        }
コード例 #12
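        [OutputCache(Duration = 60 * 60)]       // Cache for one hour.
#endif
        // Reports, as JSON, the number of combinations for a Unicode password of the
        // requested length: the count of eligible code points raised to that length.
        //   l:     requested length; DefaultLength is used when it is absent.
        //   bmp:   passed to IsTruthy with DefaultBmp; true limits the range to the 16-bit mask.
        //   asian: passed to IsTruthy with DefaultAsian; true selects AsianCategories.
        // The length is capped at MaxLength but not floored.
        // NOTE(review): when the output-cache attribute above is compiled in, a response
        // served from cache presumably skips this body, so the usage increment would count
        // cache misses only - confirm that is intended.
        public ActionResult Combinations(int?l, string bmp, string asian)
        {
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), 1);

            var length = Math.Min(l.HasValue ? l.Value : DefaultLength, MaxLength);
            var onlyFromBasicMultilingualPlane = bmp.IsTruthy(DefaultBmp);
            var includeEastAsianCharacters     = asian.IsTruthy(DefaultAsian);

            var allowedCategories = includeEastAsianCharacters ? AsianCategories : DefaultCategories;
            var mask = onlyFromBasicMultilingualPlane ? 0x0000ffff : 0x001fffff;

            // This takes ~100ms to calculate on Murray's laptop, so we cache it.
            // The count depends only on the mask and the category set, so the key is built
            // from the two flags alone. Folding the caller-supplied length into the key
            // stored the same number under a separate entry per length and repeated the
            // scan for each one; because the length has no lower bound, the number of
            // such entries was not bounded by MaxLength either.
            var cacheKey = ((onlyFromBasicMultilingualPlane ? 0x01000000 : 0)
                            | (includeEastAsianCharacters ? 0x02000000 : 0)).ToString("x8");
            int keyspace      = 0;
            var maybeKeyspace = MemoryCache.Default[cacheKey];

            if (maybeKeyspace == null)
            {
                // Walk every code point below the mask, drop the ones the two validity
                // helpers reject, and count those whose category is allowed.
                maybeKeyspace = Enumerable.Range(0, 0x001fffff & mask)
                                .Where(cp => !(this.InvalidSurrogateCodePoints(cp) || this.InvalidMaxCodePoints(cp)))
                                .Select(cp => Char.ConvertFromUtf32(cp))
                                .Where(s => allowedCategories.Contains(Char.GetUnicodeCategory(s, 0)))
                                .Count();
                MemoryCache.Default.Add(cacheKey, maybeKeyspace, DateTimeOffset.Now.AddHours(8));
            }
            keyspace = (int)maybeKeyspace;

            // Return information about the number of combinations as a JSON object.
            var result = new JsonCombinationContainer();

            result.combinations = Math.Pow(keyspace, length);
            return(new JsonNetResult(result));
        }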
コード例 #13
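        /// <summary>
        /// Lazily yields passphrases made of random dictionary words, optionally mutated
        /// with digits and upper-case characters, each constrained to a length range.
        /// </summary>
        /// <param name="random">Source of the random choices.</param>
        /// <param name="wordCount">Words per phrase; capped at MaxWords.</param>
        /// <param name="phraseCount">Number of phrases to produce; capped at MaxCount.</param>
        /// <param name="spaces">When false, spaces are stripped after the mutators have run.</param>
        /// <param name="minChars">Minimum accepted phrase length.</param>
        /// <param name="maxChars">Maximum accepted phrase length.</param>
        /// <param name="whenNumeric">Numeric mutator style; Never disables it.</param>
        /// <param name="numbersToAdd">Passed to the numeric mutator.</param>
        /// <param name="whenUpper">Upper-case mutator style; Never disables it.</param>
        /// <param name="uppersToAdd">Passed to whichever upper-case mutator is selected.</param>
        /// <returns>
        /// An empty sequence when <paramref name="minChars"/> exceeds <paramref name="maxChars"/>
        /// or a capped count is zero or negative. Otherwise one item per requested phrase;
        /// when no phrase in range is found within MaxAttemptsPerCount attempts the item is
        /// an explanatory message rather than a passphrase, so callers must not treat every
        /// item as a usable secret.
        /// </returns>
        /// <remarks>
        /// This is an iterator, so the statistics log, the entropy feed and the throttle
        /// increment after the loop only run once the caller has enumerated every item.
        /// </remarks>
        private IEnumerable <string> SelectPhrases(IRandomNumberGenerator random, int wordCount, int phraseCount, bool spaces, int minChars, int maxChars, NumericStyles whenNumeric, int numbersToAdd, AllUppercaseStyles whenUpper, int uppersToAdd)
        {
            if (minChars > maxChars)
            {
                yield break;
            }

            phraseCount = Math.Min(phraseCount, MaxCount);
            wordCount   = Math.Min(wordCount, MaxWords);
            if (phraseCount <= 0 || wordCount <= 0)
            {
                yield break;
            }

            var sw       = System.Diagnostics.Stopwatch.StartNew();
            var sb       = new StringBuilder();
            var dict     = Dictionary.Value;
            int attempts = 0;

            // The mutator list only exists when at least one mutation style is enabled.
            ICollection <IMutator> mutators = null;

            if (whenNumeric != NumericStyles.Never || whenUpper != AllUppercaseStyles.Never)
            {
                mutators = new List <IMutator>();
            }
            if (whenNumeric != NumericStyles.Never)
            {
                mutators.Add(new NumericMutator()
                {
                    When = whenNumeric, NumberOfNumbersToAdd = numbersToAdd
                });
            }
            if (whenUpper == AllUppercaseStyles.Anywhere)
            {
                mutators.Add(new UppercaseMutator()
                {
                    When = UppercaseStyles.Anywhere, NumberOfCharactersToCapitalise = uppersToAdd
                });
            }
            else if (whenUpper == AllUppercaseStyles.StartOfWord)
            {
                mutators.Add(new UppercaseMutator()
                {
                    When = UppercaseStyles.StartOfWord, NumberOfCharactersToCapitalise = uppersToAdd
                });
            }
            else if (whenUpper == AllUppercaseStyles.WholeWord)
            {
                mutators.Add(new UppercaseWordMutator()
                {
                    NumberOfWordsToCapitalise = uppersToAdd
                });
            }
            else if (whenUpper == AllUppercaseStyles.RunOfLetters)
            {
                mutators.Add(new UppercaseRunMutator()
                {
                    NumberOfRuns = uppersToAdd
                });
            }

            // The mutators draw their randomness through a wrapper over the same source.
            MurrayGrant.ReadablePassphrase.Random.RandomSourceBase randomWrapper = null;
            if (mutators != null)
            {
                randomWrapper = new MurrayGrant.ReadablePassphrase.Random.ExternalRandomSource(random.GetRandomBytes);
            }

            for (int c = 0; c < phraseCount; c++)
            {
                do
                {
                    // Start every attempt from an empty buffer. Without this a retry
                    // appended a second phrase to the rejected one, so the result held
                    // more words than requested and an over-long phrase could never
                    // come back into range.
                    sb.Clear();

                    // Generate a phrase.
                    for (int l = 0; l < wordCount; l++)
                    {
                        sb.Append(dict[random.GetRandomInt32(dict.Count)]);
                        sb.Append(' ');
                    }
                    sb.Remove(sb.Length - 1, 1);

                    // Apply mutators.
                    if (mutators != null)
                    {
                        foreach (var m in mutators)
                        {
                            m.Mutate(sb, randomWrapper);
                        }
                    }

                    // Finally, remove spaces if required (as the mutators depend on whitespace to do their work).
                    if (!spaces)
                    {
                        for (int i = sb.Length - 1; i >= 0; i--)
                        {
                            if (sb[i] == ' ')
                            {
                                sb.Remove(i, 1);
                            }
                        }
                    }

                    attempts++;

                    // Ensure the final phrase is within the min / max chars.
                } while (attempts < MaxAttemptsPerCount && (sb.Length < minChars || sb.Length > maxChars));

                // Decide on the phrase itself rather than on the attempt counter, so a
                // phrase that fits on the final permitted attempt is kept.
                if (sb.Length < minChars || sb.Length > maxChars)
                {
                    sb.Clear();
                    sb.Append("A passphrase could not be found matching your minimum and maximum length requirements");
                }


                // Yield the phrase and reset state.
                var result = sb.ToString();
                yield return(result);

                sb.Clear();
                attempts = 0;
            }
            sw.Stop();

            // BytesRequested is only available on the cypher-based generator; any other
            // implementation reports zero.
            var bytesRequested = (int)((random as Terninger.Random.CypherBasedPrngGenerator)?.BytesRequested).GetValueOrDefault();

            RandomService.LogPasswordStat("Passphrase", phraseCount, sw.Elapsed, bytesRequested, IPAddressHelpers.GetHostOrCacheIp(Request).AddressFamily, HttpContext.GetApiKeyId());
            if (!IpThrottlerService.HasAnyUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request)))
            {
                RandomService.AddWebRequestEntropy(this.Request);
            }
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), phraseCount);
        }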
コード例 #14
 /// <summary>
 /// Forwards the shared services to the base constructor and keeps the memory cache
 /// in <c>_MemoryCache</c>.
 /// </summary>
 /// <param name="terninger">Forwarded to the base constructor.</param>
 /// <param name="ratingService">Forwarded to the base constructor.</param>
 /// <param name="statisticService">Forwarded to the base constructor.</param>
 /// <param name="ipThrottler">Forwarded to the base constructor.</param>
 /// <param name="dictionaryService">Forwarded to the base constructor.</param>
 /// <param name="memoryCache">Stored as given; it is not null-checked here.</param>
 public ApiV1UnicodeController(
     PooledEntropyCprngGenerator terninger,
     PasswordRatingService ratingService,
     PasswordStatisticService statisticService,
     IpThrottlerService ipThrottler,
     DictionaryService dictionaryService,
     IMemoryCache memoryCache)
     : base(terninger, ratingService, statisticService, ipThrottler, dictionaryService)
 {
     this._MemoryCache = memoryCache;
 }
コード例 #15
 /// <summary>
 /// Forwards every service to the base constructor; this type keeps no state of its own here.
 /// </summary>
 /// <param name="terninger">Forwarded to the base constructor.</param>
 /// <param name="ratingService">Forwarded to the base constructor.</param>
 /// <param name="statisticService">Forwarded to the base constructor.</param>
 /// <param name="ipThrottler">Forwarded to the base constructor.</param>
 /// <param name="dictionaryService">Forwarded to the base constructor.</param>
 public ApiV1AlphaNumericController(
     PooledEntropyCprngGenerator terninger,
     PasswordRatingService ratingService,
     PasswordStatisticService statisticService,
     IpThrottlerService ipThrottler,
     DictionaryService dictionaryService)
     : base(terninger, ratingService, statisticService, ipThrottler, dictionaryService)
 {
 }
コード例 #16
 /// <summary>
 /// Keeps the throttler this filter consults in <c>_IpThrottler</c>.
 /// </summary>
 /// <param name="ipThrottler">Stored as given; it is not null-checked here.</param>
 public IpThrottlingFilter(IpThrottlerService ipThrottler)
 {
     this._IpThrottler = ipThrottler;
 }
コード例 #17
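        /// <summary>
        /// Lazily yields passphrases produced by the readable-passphrase generator at the
        /// requested strength, optionally mutated, each constrained to a length range.
        /// </summary>
        /// <param name="random">Source of randomness handed to <c>GetGenerator</c>.</param>
        /// <param name="strength">Strength passed to the generator.</param>
        /// <param name="phraseCount">Number of phrases to produce; capped at MaxCount.</param>
        /// <param name="includeSpaces">When false, spaces are stripped from each phrase.</param>
        /// <param name="minChars">Minimum accepted phrase length.</param>
        /// <param name="maxChars">Maximum accepted phrase length.</param>
        /// <param name="whenNumeric">Numeric mutator style; Never disables it.</param>
        /// <param name="numbersToAdd">Passed to the numeric mutator.</param>
        /// <param name="whenUpper">Upper-case mutator style; Never disables it.</param>
        /// <param name="uppersToAdd">Passed to whichever upper-case mutator is selected.</param>
        /// <returns>
        /// An empty sequence when <paramref name="minChars"/> exceeds <paramref name="maxChars"/>
        /// or the capped count is zero or negative. Otherwise one item per requested phrase;
        /// when no phrase in range is found within MaxAttemptsPerCount attempts the item is
        /// an explanatory message rather than a passphrase, so callers must not treat every
        /// item as a usable secret.
        /// </returns>
        /// <remarks>
        /// This is an iterator, so the statistics log, the entropy feed and the throttle
        /// increment after the loop only run once the caller has enumerated every item.
        /// </remarks>
        private IEnumerable <string> SelectPhrases(IRandomNumberGenerator random, PhraseStrength strength, int phraseCount, bool includeSpaces, int minChars, int maxChars, NumericStyles whenNumeric, int numbersToAdd, AllUppercaseStyles whenUpper, int uppersToAdd)
        {
            if (minChars > maxChars)
            {
                yield break;
            }

            phraseCount = Math.Min(phraseCount, MaxCount);
            if (phraseCount <= 0)
            {
                yield break;
            }

            var sw        = System.Diagnostics.Stopwatch.StartNew();
            var generator = this.GetGenerator(random);
            int attempts  = 0;

            // The mutator list only exists when at least one mutation style is enabled.
            ICollection <IMutator> mutators = null;

            if (whenNumeric != NumericStyles.Never || whenUpper != AllUppercaseStyles.Never)
            {
                mutators = new List <IMutator>();
            }
            if (whenNumeric != NumericStyles.Never)
            {
                mutators.Add(new NumericMutator()
                {
                    When = whenNumeric, NumberOfNumbersToAdd = numbersToAdd
                });
            }
            if (whenUpper == AllUppercaseStyles.Anywhere)
            {
                mutators.Add(new UppercaseMutator()
                {
                    When = UppercaseStyles.Anywhere, NumberOfCharactersToCapitalise = uppersToAdd
                });
            }
            else if (whenUpper == AllUppercaseStyles.StartOfWord)
            {
                mutators.Add(new UppercaseMutator()
                {
                    When = UppercaseStyles.StartOfWord, NumberOfCharactersToCapitalise = uppersToAdd
                });
            }
            else if (whenUpper == AllUppercaseStyles.WholeWord)
            {
                mutators.Add(new UppercaseWordMutator()
                {
                    NumberOfWordsToCapitalise = uppersToAdd
                });
            }
            else if (whenUpper == AllUppercaseStyles.RunOfLetters)
            {
                mutators.Add(new UppercaseRunMutator()
                {
                    NumberOfRuns = uppersToAdd
                });
            }

            for (int c = 0; c < phraseCount; c++)
            {
                string candidate = "";
                do
                {
                    // Generate a phrase.
                    candidate = generator.Generate(strength, " ", mutators);

                    // Finally, remove spaces if required (as the mutators depend on whitespace to do their work).
                    if (!includeSpaces)
                    {
                        candidate = new string(candidate.Where(ch => ch != ' ').ToArray());
                    }
                    attempts++;

                    // Ensure the final phrase is within the min / max chars.
                } while (attempts < MaxAttemptsPerCount && (candidate.Length < minChars || candidate.Length > maxChars));

                // Decide on the phrase itself rather than on the attempt counter, so a
                // phrase that fits on the final permitted attempt is kept instead of
                // being replaced by the failure message.
                if (candidate.Length < minChars || candidate.Length > maxChars)
                {
                    candidate = "A passphrase could not be found matching your minimum and maximum length requirements";
                }

                // Yield the phrase and reset state.
                yield return(candidate);

                attempts = 0;
            }
            sw.Stop();

            // BytesRequested is only available on the cypher-based generator; any other
            // implementation reports zero.
            var bytesRequested = (int)((random as Terninger.Random.CypherBasedPrngGenerator)?.BytesRequested).GetValueOrDefault();

            RandomService.LogPasswordStat("ReadablePassphrase", phraseCount, sw.Elapsed, bytesRequested, IPAddressHelpers.GetHostOrCacheIp(Request).AddressFamily, HttpContext.GetApiKeyId());
            if (!IpThrottlerService.HasAnyUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request)))
            {
                RandomService.AddWebRequestEntropy(this.Request);
            }
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), phraseCount);
        }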
コード例 #18
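        /// <summary>
        /// Lazily yields passwords made of random Unicode code points whose category is in
        /// the allowed set, using rejection sampling over masked random integers.
        /// </summary>
        /// <param name="random">Source of the random integers.</param>
        /// <param name="length">Code points per password; capped at MaxLength.</param>
        /// <param name="count">Number of passwords to produce; capped at MaxCount.</param>
        /// <param name="onlyFromBasicMultilingualPlane">True masks candidates to 16 bits, false to 21 bits.</param>
        /// <param name="includeEastAsianCharacters">True selects AsianCategories, false DefaultCategories.</param>
        /// <returns>
        /// An empty sequence when either capped value is zero or negative, otherwise
        /// <paramref name="count"/> strings. A string is shorter than
        /// <paramref name="length"/> code points when the attempt cap was reached first.
        /// </returns>
        /// <remarks>
        /// This is an iterator, so the statistics log, the entropy feed and the throttle
        /// increment after the loop only run once the caller has enumerated every item.
        /// </remarks>
        private IEnumerable <string> SelectPasswords(IRandomNumberGenerator random, int length, int count, bool onlyFromBasicMultilingualPlane, bool includeEastAsianCharacters)
        {
            length = Math.Min(length, MaxLength);
            count  = Math.Min(count, MaxCount);
            if (count <= 0 || length <= 0)
            {
                yield break;
            }
            var allowedCategories = includeEastAsianCharacters ? AsianCategories : DefaultCategories;

            var sw   = System.Diagnostics.Stopwatch.StartNew();
            var mask = onlyFromBasicMultilingualPlane ? 0x0000ffff : 0x001fffff;
            var sb   = new StringBuilder();

            for (int i = 0; i < count; i++)
            {
                // Both counters and the buffer start fresh for every password.
                int numberOfCharacters = 0;
                int attempts           = 0;
                sb.Clear();

                while (numberOfCharacters < length)
                {
                    // Get random int32 and create a code point from it.
                    // PERF: can reduce number of bytes required here based on the mask.
                    var codePoint = random.GetRandomInt32();
                    codePoint = codePoint & mask;       // Mask off the top bits, which aren't used.
                    attempts++;

                    // Stop once the attempt cap is exceeded. This used to `continue`, which
                    // skipped the append but kept looping, so after the cap was hit the loop
                    // kept drawing random numbers without ever making progress.
                    // NOTE(review): the password yielded below is then shorter than
                    // `length`; callers needing a guaranteed length must check it.
                    if (attempts > MaxAttemptsPerCodePoint)
                    {
                        break;
                    }

                    // Surrogate code points are invalid.
                    if (this.InvalidSurrogateCodePoints(codePoint))
                    {
                        continue;
                    }
                    // Ensure the code point is not outside the maximum range.
                    if (this.InvalidMaxCodePoints(codePoint))
                    {
                        continue;
                    }

                    // Convert the code point to a string of one or two UTF-16 chars.
                    var s        = Char.ConvertFromUtf32(codePoint);
                    var category = Char.GetUnicodeCategory(s, 0);
                    if (!allowedCategories.Contains(category))
                    {
                        // Not allowed category.
                        continue;
                    }
                    sb.Append(s);
                    numberOfCharacters++;
                }

                var result = sb.ToString();
                yield return(result);
            }
            sw.Stop();


            // BytesRequested is only available on the cypher-based generator; any other
            // implementation reports zero.
            var bytesRequested = (int)((random as Terninger.Random.CypherBasedPrngGenerator)?.BytesRequested).GetValueOrDefault();

            RandomService.LogPasswordStat("Unicode", count, sw.Elapsed, bytesRequested, IPAddressHelpers.GetHostOrCacheIp(Request).AddressFamily, HttpContext.GetApiKeyId());
            if (!IpThrottlerService.HasAnyUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request)))
            {
                RandomService.AddWebRequestEntropy(this.Request);
            }
            IpThrottlerService.IncrementUsage(IPAddressHelpers.GetHostOrCacheIp(this.HttpContext.Request), count);
        }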