Fix keepassxc-browser password entropy display (#3107)

* Pass correct entropy amount to keepassxc-browser instead of amount of bits for both password and passphrase. * Rename json key from "login" to "entropy" (keeping "login" key for backwards compatibility). * Also make some changes to entropy calculation methods: - Rename PassphraseGenerator::calculateEntropy to estimateEntropy - Rename PasswordGenerator::calculateEntropy to estimateEntropy
author: AndrolGenhald <AndrolGenhald@users.noreply.github.com> 2019-06-20 03:40:41 +0300
committer: Jonathan White <support@dmapps.us> 2019-06-20 03:40:41 +0300
commit: e40f10657d4e59f60cd1cb7d2b8d7d4a67905b01 (patch)
tree: 34ec9b3cfc404efda71c372b9a653b109dbb73d6 /src
parent: 7ceca8ff3c0ce971a3cfa38719b45330c73e55ad (diff)
8 files changed, 25 insertions, 19 deletions
diff --git a/src/browser/BrowserAction.cpp b/src/browser/BrowserAction.cpp
index 1ea73b3fd..a303df7a5 100644
--- a/src/browser/BrowserAction.cpp
+++ b/src/browser/BrowserAction.cpp
@@ -278,18 +278,18 @@ QJsonObject BrowserAction::handleGetLogins(const QJsonObject& json, const QStrin
 
 QJsonObject BrowserAction::handleGeneratePassword(const QJsonObject& json, const QString& action)
 {
-    const QString nonce = json.value("nonce").toString();
-    const QString password = browserSettings()->generatePassword();
+    auto nonce = json.value("nonce").toString();
+    auto password = browserSettings()->generatePassword();
 
     if (nonce.isEmpty() || password.isEmpty()) {
         return QJsonObject();
     }
 
+    // For backwards compatibility
+    password["login"] = password["entropy"];
+
     QJsonArray arr;
-    QJsonObject passwd;
-    passwd["login"] = QString::number(password.length() * 8); // bits;
-    passwd["password"] = password;
-    arr.append(passwd);
+    arr.append(password);
 
     const QString newNonce = incrementNonce(nonce);
 
diff --git a/src/browser/BrowserSettings.cpp b/src/browser/BrowserSettings.cpp
index 667812d1f..a284488e5 100644
--- a/src/browser/BrowserSettings.cpp
+++ b/src/browser/BrowserSettings.cpp
@@ -512,18 +512,23 @@ PasswordGenerator::GeneratorFlags BrowserSettings::passwordGeneratorFlags()
     return flags;
 }
 
-QString BrowserSettings::generatePassword()
+QJsonObject BrowserSettings::generatePassword()
 {
+    QJsonObject password;
     if (generatorType() == 0) {
         m_passwordGenerator.setLength(passwordLength());
         m_passwordGenerator.setCharClasses(passwordCharClasses());
         m_passwordGenerator.setFlags(passwordGeneratorFlags());
-        return m_passwordGenerator.generatePassword();
+        const QString pw = m_passwordGenerator.generatePassword();
+        password["entropy"] = m_passwordGenerator.estimateEntropy(pw);
+        password["password"] = pw;
     } else {
         m_passPhraseGenerator.setWordCount(passPhraseWordCount());
         m_passPhraseGenerator.setWordSeparator(passPhraseWordSeparator());
-        return m_passPhraseGenerator.generatePassphrase();
+        password["entropy"] = m_passPhraseGenerator.estimateEntropy();
+        password["password"] = m_passPhraseGenerator.generatePassphrase();
     }
+    return password;
 }
 
 void BrowserSettings::updateBinaryPaths(const QString& customProxyLocation)
diff --git a/src/browser/BrowserSettings.h b/src/browser/BrowserSettings.h
index b47e92866..bc8f2de18 100644
--- a/src/browser/BrowserSettings.h
+++ b/src/browser/BrowserSettings.h
@@ -119,7 +119,7 @@ public:
     void setPasswordLength(int length);
     PasswordGenerator::CharClasses passwordCharClasses();
     PasswordGenerator::GeneratorFlags passwordGeneratorFlags();
-    QString generatePassword();
+    QJsonObject generatePassword();
     void updateBinaryPaths(const QString& customProxyLocation = QString());
     bool checkIfProxyExists(QString& path);
 
diff --git a/src/core/PassphraseGenerator.cpp b/src/core/PassphraseGenerator.cpp
index a94035e82..b14886a1a 100644
--- a/src/core/PassphraseGenerator.cpp
+++ b/src/core/PassphraseGenerator.cpp
@@ -35,15 +35,16 @@ PassphraseGenerator::PassphraseGenerator()
     setDefaultWordList();
 }
 
-double PassphraseGenerator::calculateEntropy(const QString& passphrase)
+double PassphraseGenerator::estimateEntropy(int wordCount)
 {
-    Q_UNUSED(passphrase);
-
     if (m_wordlist.isEmpty()) {
         return 0.0;
     }
+    if (wordCount < 1) {
+        wordCount = m_wordCount;
+    }
 
-    return std::log2(m_wordlist.size()) * m_wordCount;
+    return std::log2(m_wordlist.size()) * wordCount;
 }
 
 void PassphraseGenerator::setWordCount(int wordCount)
diff --git a/src/core/PassphraseGenerator.h b/src/core/PassphraseGenerator.h
index 3cda1b7c3..5868faab4 100644
--- a/src/core/PassphraseGenerator.h
+++ b/src/core/PassphraseGenerator.h
@@ -35,7 +35,7 @@ public:
         TITLECASE
     };
 
-    double calculateEntropy(const QString& passphrase);
+    double estimateEntropy(int wordCount = 0);
     void setWordCount(int wordCount);
     void setWordList(const QString& path);
     void setWordCase(PassphraseWordCase wordCase);
diff --git a/src/core/PasswordGenerator.cpp b/src/core/PasswordGenerator.cpp
index 1132582d6..e203af672 100644
--- a/src/core/PasswordGenerator.cpp
+++ b/src/core/PasswordGenerator.cpp
@@ -31,7 +31,7 @@ PasswordGenerator::PasswordGenerator()
 {
 }
 
-double PasswordGenerator::calculateEntropy(const QString& password)
+double PasswordGenerator::estimateEntropy(const QString& password)
 {
     return ZxcvbnMatch(password.toLatin1(), nullptr, nullptr);
 }
diff --git a/src/core/PasswordGenerator.h b/src/core/PasswordGenerator.h
index 7bfdddd69..22627d25b 100644
--- a/src/core/PasswordGenerator.h
+++ b/src/core/PasswordGenerator.h
@@ -57,7 +57,7 @@ public:
 public:
     PasswordGenerator();
 
-    double calculateEntropy(const QString& password);
+    double estimateEntropy(const QString& password);
     void setLength(int length);
     void setCharClasses(const CharClasses& classes);
     void setFlags(const GeneratorFlags& flags);
diff --git a/src/gui/PasswordGeneratorWidget.cpp b/src/gui/PasswordGeneratorWidget.cpp
index 5f3d43497..902dbdfea 100644
--- a/src/gui/PasswordGeneratorWidget.cpp
+++ b/src/gui/PasswordGeneratorWidget.cpp
@@ -254,9 +254,9 @@ void PasswordGeneratorWidget::updatePasswordStrength(const QString& password)
 {
     double entropy = 0.0;
     if (m_ui->tabWidget->currentIndex() == Password) {
-        entropy = m_passwordGenerator->calculateEntropy(password);
+        entropy = m_passwordGenerator->estimateEntropy(password);
     } else {
-        entropy = m_dicewareGenerator->calculateEntropy(password);
+        entropy = m_dicewareGenerator->estimateEntropy();
     }
 
     m_ui->entropyLabel->setText(tr("Entropy: %1 bit").arg(QString::number(entropy, 'f', 2)));
author	AndrolGenhald <AndrolGenhald@users.noreply.github.com>	2019-06-20 03:40:41 +0300
committer	Jonathan White <support@dmapps.us>	2019-06-20 03:40:41 +0300
commit	e40f10657d4e59f60cd1cb7d2b8d7d4a67905b01 (patch)
tree	34ec9b3cfc404efda71c372b9a653b109dbb73d6 /src
parent	7ceca8ff3c0ce971a3cfa38719b45330c73e55ad (diff)