def compute_secloss(guess_file, attpwf, chlpwf, q=100):
chlpwm = Passwords(chlpwf, max_pass_len=25, min_pass_len=5)
attpwm = Passwords(attpwf, max_pass_len=25, min_pass_len=5)
guesses = [w for w, _ in json.load(open(guess_file))]
guess_set = set(guesses)
q = len(guesses)
print("Found {} guesses".format(q))
lambda_q = sum(chlpwm.pw2freq(pw) for _id, pw, f
in attpwm.iterpws(q))/float(chlpwm.totalf())
print("Normal succces: {}".format(lambda_q))
union_ball = set([
rpw
for w in guesses
for rpw in KB.word_to_typos(str(w))
if chlpwm.pw2id(rpw)>=0
]) | guess_set
print("Worst case success rate = {}"\
.format(sum(chlpwm.pw2freq(w) for w in union_ball)/float(chlpwm.totalf())))
# global N
# N = 10000
# M, A, typo_trie, _ = read_pw_nh_graph(chlpwf, N)
# Mprime = np.zeros((M.shape[0], NH_SIZE+1))
# B = [[] for _ in guesses]
# # for g in xrange(M.shape[0]):
# M = Mprime
# fuzzlambda_q = 0.0
# guess_key_ids = [get_trie_id(typo_trie, g) for g in guess_set]
# killed = []
# for rpw in union_ball:
# try:
# rpwid = typo_trie.key_id(unicode(rpw))
# for g in guess_key_ids:
# if (M[M[:, 0] == rpwid] == g).any:
# killed.append(rpw)
# except KeyError:
# continue
# fuzzlambda_q = sum([chlpwm.pw2freq(w) for w in killed])/chlpwm.totalf()
# for rpw in union_ball:
# a = set(get_topk_typos(rpw, NH_SIZE+1)) & guess_set
# if a:
# print rpw, chlpwm.pw2freq(rpw)
fuzzlambda_q = sum(
chlpwm.pw2freq(rpw)
for rpw in union_ball
if len(set(get_topk_typos(rpw, NH_SIZE)) & guess_set)>0
)/float(chlpwm.totalf())
# print("fuzzlambda_q:", fuzzlambda_q),
# lambda_topk_q = sum(
# chlpwm.pw2freq(rpw)
# for rpw in union_ball
# if len(set(get_typodist_nh(rpw, NH_SIZE)) & guess_set)>0
# )/chlpwm.totalf()
print("fuzzlambda_q: ", fuzzlambda_q)
print("Secloss:", fuzzlambda_q - lambda_q)
def compute_black_list_succ(fname, b, q, sketch_size):
"""Computes the offline success rate of an attacker who has access to
the sketch and wants to make q (int) queries per password.
b is either a number or a set. If b is a number then this specify
black listing top b passwords. fname is the attacker's password
model. In case b is a number, then the black list is chosen from
the top b passwords of the attacker's model, which sounds iffy,
but that implies that the attacker has complete knowledge of the
real password distribuion.
"""
pwf = Passwords(fname)
n_sketches = 2**sketch_size
n = q * n_sketches
pwarr, farr = ['' for _ in range(n)], [0 for _ in range(n)]
pwiter = pwf.iterpws()
for i in range(n):
pwarr[i], farr[i] = pwiter.next()
if isinstance(b, int):
b = pwarr[:b]
if not isinstance(b, set):
b = set(b)
i, j = 0, 0
nfarr = np.zeros(n * n_sketches)
for i in range(n):
if pwarr[i] in b:
nfarr[j:j+n_sketches] = float(farr[i])/n_sketches
j += n_sketches
else:
nfarr[j] = farr[i]
j += 1
if j>nfarr.shape[0]: break
print nfarr.shape, n
if nfarr.shape[0]<n:
return -np.partition(-nfarr, n)[:n].sum()/pwf.totalf()
else:
return nfarr.sum()/pwf.totalf()