对数字密码进行排名的算法？

Question

I'm studying a (mobile) app where I need to get a user PIN: a numeric "passcode" of 6/8 ciphers, input with something like this UI:

So, in a registration step, the user configure his one passcode (as it would be a password).

Let say the passcode must have a fixed size (say 8 ciphers: ********)

My question is related to a possible algorithm to verify/check the number that user choose, giving a bad rank in case of repeated ciphers or standard cipher patterns ( 12345678 , 00001111 ), easily predicible by a malicious crackers...

Any idea for such an algorithm ?

At firs glance the algorithm could discourage (bad rank) a passcod containing repeated ciphers, simething like:

00117788
88886611 

or "usual" ascending/descending patterns as:

12345678
98765432

Or numeric patterns related to personal, by example in my case, I'm born in 02 September 1963, so it could be a bad idea to have as passcode:

02091963

Instead, sequence that appear to me as "good" could be by example these one:

18745098 
90574808
07629301

Collateral question: do you think that a numeric passcode of let say 8 ciphers could be an acceptable solution as "password" to validate a payment transaction ?

BTW, I'm coding in Ruby.

thanks for your patience!

giorgio

Answer 1

For your first 2 cases:

Number of repeated consecutive characters in the string:

str = "00117788"
str.chars.each_cons(2).select {|a,b| a == b}.count
#=> 4

Or as @CarySwoveland pointed out this will have the same result

str.size - str.squeeze.size
#=> 4

Number of incremented characters

str = "12345678"
str.chars.map(&:to_i).each_slice(2).select {|a,b| (a + 1) == b || (a - 1) == b }.count
#=> 4
#note this will also return 4 for "12563478"
# you could also use str.chars.map(&:to_i).each_cons(2).select {|a,b| (a + 1) == b || (a - 1) == b }.count
# This will return 7 for "12345678" and still return 4 for "12563478"

You could combine the above 2 as well like

str = "00117788"
str.chars.map(&:to_i).each_cons(2).select {|a,b| (a + 1) == b || (a - 1) == b || a == b }.count
#=> 6

As for the "personal" issue if you have the birth day then something as simple as this should work:

require 'date'
birth_day = Date.new(1963,9,2)
str = "02091963"
str == birth_day.strftime("%d%m%Y")
#=> true

Although for the last one I would suggest comparing multiple formats eg %Y%m%d and %m%d%Y etc. you could even do something like

str.chars.sort == birth_day.strftime("%d%m%Y").chars.sort
#=> true

To make sure they don't just use those numbers in some jumbled format.

Hopefully this would get you started since I don't know what your thresholds are for "good" and "bad" these are just suggestions for checking the values. Although it seems the definition for "good" should just be not "bad". Sort of like a validity check.

If I were to suggest a score of < 4 using methods 1 and 2 (or the combination method) && not an assortment of birth_day numbers would probably be sufficient eg

def tester(str,birth_date)
  return false if ![6,8].include?(str.size)
  b_day = birth_date.strftime("%Y%m%d").chars.sort
  str.chars.map(&:to_i).each_cons(2).select  do |a,b| 
    (a + 1) == b || 
    (a - 1) == b || 
    a == b 
  end.count < 4 && b_day != str.chars.sort
end
tester("00112233",Date.new(1963,9,2))
#=> false
tester("18745098",Date.new(1963,9,2))
#=> true

Seems like it works with your examples

arry = ["00117788","88886611","12345678","98765432","02091963","18745098","90574808","07629301"]
Hash[arry.map{|v| [v,tester(v,Date.new(1963,9,2))]}]
#=>=> {"00117788"=>false, "88886611"=>false, 
       "12345678"=>false, "98765432"=>false, 
       "02091963"=>false, "18745098"=>true, 
       "90574808"=>true, "07629301"=>true}