feat(strata-cli): warn user about password strength

alpenlabs · Oct 9, 2024 · b3709c1 · b3709c1
1 parent 953d9f4
commit b3709c1
Show file tree

Hide file tree

Showing 5 changed files with 92 additions and 1 deletion.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/bin/strata-cli/Cargo.toml b/bin/strata-cli/Cargo.toml
@@ -42,6 +42,7 @@ sled = "0.34.7"
 strata-bridge-tx-builder.workspace = true
 terrors.workspace = true
 tokio.workspace = true
+zxcvbn = "3.1.0"
 
 # sha2 fails to compile on windows with the "asm" feature
 [target.'cfg(not(target_os = "windows"))'.dependencies]

diff --git a/bin/strata-cli/src/cmd/change_pwd.rs b/bin/strata-cli/src/cmd/change_pwd.rs
@@ -1,6 +1,7 @@
 use argh::FromArgs;
 use console::Term;
 use rand::thread_rng;
+use zxcvbn::Score;
 
 use crate::seed::{password::Password, EncryptedSeedPersister, Seed};
 
@@ -12,6 +13,17 @@ pub struct ChangePwdArgs {}
 pub async fn change_pwd(_args: ChangePwdArgs, seed: Seed, persister: impl EncryptedSeedPersister) {
     let term = Term::stdout();
     let mut new_pw = Password::read(true).unwrap();
+    let entropy = new_pw.entropy();
+    let _ = term.write_line(format!("Password strength (Overall strength score from 0-4, where anything below 3 is too weak): {}", entropy.score()).as_str());
+    if entropy.score() <= Score::Two {
+        let _ = term.write_line(
+            entropy
+                .feedback()
+                .expect("No feedback")
+                .to_string()
+                .as_str(),
+        );
+    }
     let encrypted_seed = seed.encrypt(&mut new_pw, &mut thread_rng()).unwrap();
     persister.save(&encrypted_seed).unwrap();
     let _ = term.write_line("Password changed successfully");

diff --git a/bin/strata-cli/src/seed.rs b/bin/strata-cli/src/seed.rs
@@ -15,6 +15,7 @@ use password::{HashVersion, IncorrectPassword, Password};
 use rand::{thread_rng, Rng, RngCore};
 use sha2::{Digest, Sha256};
 use terrors::OneOf;
+use zxcvbn::Score;
 
 use crate::constants::{AES_NONCE_LEN, AES_TAG_LEN, PW_SALT_LEN, SEED_LEN};
 
@@ -194,6 +195,17 @@ pub fn load_or_create(
         };
 
         let mut password = Password::read(true).map_err(OneOf::new)?;
+        let entropy = password.entropy();
+        let _ = term.write_line(format!("Password strength (Overall strength score from 0-4, where anything below 3 is too weak): {}", entropy.score()).as_str());
+        if entropy.score() <= Score::Two {
+            let _ = term.write_line(
+                entropy
+                    .feedback()
+                    .expect("No feedback")
+                    .to_string()
+                    .as_str(),
+            );
+        }
         let encrypted_seed = match seed.encrypt(&mut password, &mut thread_rng()) {
             Ok(es) => es,
             Err(e) => {

diff --git a/bin/strata-cli/src/seed/password.rs b/bin/strata-cli/src/seed/password.rs
@@ -1,5 +1,6 @@
 use argon2::{Algorithm, Argon2, Params, Version};
 use dialoguer::Password as InputPassword;
+use zxcvbn::{zxcvbn, Entropy};
 
 use super::PW_SALT_LEN;
 
@@ -49,6 +50,11 @@ impl Password {
         })
     }
 
+    /// Returns the password entropy.
+    pub fn entropy(&self) -> Entropy {
+        zxcvbn(self.inner.as_str(), &[])
+    }
+
     pub fn seed_encryption_key(
         &mut self,
         salt: &[u8; PW_SALT_LEN],