A python library intended to help researchers build more practical measures for shoulder surfing attack efficacy.
Project description
shouldersurfscore
This library helps researchers in lab settings develop better metrics to understand the practical password guess quality of shoulder surfing and password guessing attacks.
The library provides the following (their complexity for you to use in parentheses):
- (Advanced): a nuanced set of classes to build an experiment environment including different keyboard layouts, device lockout patterns, and different styles of attackers that can help to better estimate different
- (Medium): predefined equipment to make it easier to get up and running (e.g. an iPhone, with common login restrictions).
- (Easy): defined scores to make it easier to reproduce other researchers' experiments (and when you're ready, hopefully yours too!).
- (Easy): implementations of a few other common metrics for assessing password quality.
Installation
To install, simply use:
pip install shouldersurfscore
How-To Use
Defined Labs
Pre-defined labs can be used to recreate scores used in others' experiments.
For example:
from shouldersurfscore.defined_experiments.built_labs import InitialShoulderSurfScorePaperLab
analysis = InitialShoulderSurfScorePaperLab.run(
actual_password='9163',
observed_password='9613'
)
print(analysis)
Break In Analysis
------------------
actual_password: 9163
observed_password: 9613
password_index: 2
password_index_percent: 1.9801980198019803e-06
elapsed_time: 0s
device_unlocked: True
Other Metrics
Predefined Objects
from shouldersurfscore.analysis.breakin_analysis import BreakInAnalysis
from shouldersurfscore.classes import guessing_strategies
from shouldersurfscore.classes.lab import Lab
from shouldersurfscore.equipment.devices import Devices
device = Devices.get_iphone()
# Define strategies
pin_lengths = [4, 6]
# If the observed password doesn't work
# then all possible passwords will be tried in sequential order
# until successful or device goes into lock out.
strategies: list[guessing_strategies.GuessingStrategy] = [
# Initialize brute force method with which characters are valid
# and which pin lengths are valid
guessing_strategies.BruteForceGuessing(device.keyboard.characters, pin_lengths)
]
password = "2290"
observed_password = "9163"
analysis = Lab.run(device, strategies, password, observed_password)
print(analysis)
Break In Analysis
------------------
actual_password: 2290
observed_password: 9163
password_index: 1190
password_index_percent: 0.0011782178217821782
elapsed_time: 1h 21m
device_unlocked: False
Classes
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file shouldersurfscore-1.0.3.tar.gz.
File metadata
- Download URL: shouldersurfscore-1.0.3.tar.gz
- Upload date:
- Size: 52.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
561c5c6f01f548da5990b72e2e0bb333cf5250b94008b05b393c304cf3e6c4eb
|
|
| MD5 |
587ae16824973a2c12edee2f0cb9414b
|
|
| BLAKE2b-256 |
684634f8a67c59046010642eef6a3db2a7e2ef26b6ed859313b2cf0d3e0b18e3
|
File details
Details for the file shouldersurfscore-1.0.3-py3-none-any.whl.
File metadata
- Download URL: shouldersurfscore-1.0.3-py3-none-any.whl
- Upload date:
- Size: 48.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d0d466c4fba4612512c23b2276350a445ef45f501b4d34f29e33f8e10daa2768
|
|
| MD5 |
29ecb962723cd5d40cc1c643c32bb802
|
|
| BLAKE2b-256 |
49120c49a4db87539d8ce008a4d02204b8c091e06e52a1b10e3ccfcad1f8551a
|
