Skip to content

Meetings

Jump to bottom
Stanislav Židek edited this page Apr 21, 2017 · 31 revisions

Meeting Minutes

2017-04-21

  • these are last meeting minutes here, we will track progress in projects, pull requests and in internal Trac
  • presentation of current status
  • discussion, brainstorming
  • AI:
    • create analyses specifications as projects
    • add code quality tools (inspiration)

2017-04-13

  • what's new
  • discussion
    • new structure and use cases
  • AI:
    • prepare presentation/documentation
      • state typical use cases - what problem are we trying to solve
      • skeleton of problem solution (implementation of every step not yet necessary)
      • overview of internal structures used so far

2017-03-09

  • what's new
    • analyzed design
  • discussion
    • high level design
  • AI remaining from past:
    • analysis output - use table instead of long sentence with zillion passwords
  • AI:
    • separate information in three data types
      • initial password list - [(password, entropy)]
      • transformations
      • transformed password list [( (original_pass, original_entropy), (transformed_pass, transformed_entropy), transformations)]
        • common data type for tuple (password, entropy) should be a good idea
      • PCL output as a dictionary { string -> { library -> output }}
        • output could be something parsed by us (root reason for rejecting, not specific library output)
    • Analysis would be something that user of our library constructs/uses

2017-02-15

  • what's new
    • refactoring of analysis script
    • python version detection
  • discussion
    • json tuple representation
    • analysis output structure, some typos noted
  • AI remaining from past:
    • none
  • AI:
    • handle python 2.6 correctly ;)
    • simulate tuples in JSON by dicts, not lists
    • reconsider using self.analysisFunctionNames array (not necessary)
    • analysis output - use table instead of long sentence with zillion passwords
    • Load* -> Loader* in class names
    • loadData() method - rename to say it is converting/exporting, not really loading

2017-01-27

  • what's new
    • storing/loading to/from JSON
      • could be used as intermediate results
    • improved structure and data flow
      • got rid of table with entropy changes, returning change directly from uniqueTransform
  • discussion
  • AI remaining from past:
    • reconsider getOriginallyPassowrds & co. methods
  • AI:
    • exampleAnalysis.py - just prints warnings about missing libraries and some transformation info into output file
    • "Orignally passwords:" in analysis output
    • get rid of analysisFunctions list, redo printData
    • report proble Python 2 if run under Python 2
    • self.get_HighEntropyPassLib_1_output - get rid of such names (_1_)
    • think about separating `mainAnalysis into two parts (analysis, printing)
$ find -name \*.py -exec pep8 {} \;
./scripts/rules.py:83:16: E121 continuation line indentation is not a multiple of four
./scripts/rules.py:87:16: E121 continuation line indentation is not a multiple of four
./scripts/rules.py:96:17: E126 continuation line over-indented for hanging indent
./scripts/rules.py:142:17: E126 continuation line over-indented for hanging indent
./scripts/analyzer.py:452:25: E126 continuation line over-indented for hanging indent
./scripts/analyzer.py:453:25: E126 continuation line over-indented for hanging indent
./scripts/analyzer.py:454:25: E126 continuation line over-indented for hanging indent
./scripts/analyzer.py:455:25: E126 continuation line over-indented for hanging indent
./scripts/analyzer.py:507:21: E126 continuation line over-indented for hanging indent
./scripts/analyzer.py:508:21: E126 continuation line over-indented for hanging indent
./scripts/analyzer.py:509:21: E126 continuation line over-indented for hanging indent
./exampleAnalysis.py:8:80: E501 line too long (140 > 79 characters

2016-12-13

  • what's new
    • reworked analysis.py
  • discussion
    • finding lowest entropy password that particular library accepts - possible future analysis topic
  • AI remaining from past:
    • pep8 - still reporting some fails - find -name \*.py -exec pep8 {} \;
  • AI:
    • analysis: add changed passwords to output + most common reason(s) for rejection
    • better describe groups of output
    • output analysis per password to JSON or similar format
    • describe what transformations were used in exampleAnalysis output
    • fix traceback without pwqcheck (generally without any of the libraries)
    • scripts/rules.py: remove ruleEntropyValue, integrate this info to respective classes
    • return entropy change dynamically
    • s/analisis/analysis/
    • still some magic values in scripts/analyzer.py
    • reconsider getOriginallyPassowrds & co. methods

2016-11-01

  • what's new
    • rewrote according to PEP-8
    • compatibility with python3
    • analytic test: number of files reduced
    • analytic test: not log-like output, now divided to 5 sections
    • rules generalized
  • discussion
    • static entropy change in rules
    • rating in analytic test
  • AI:
    • add more rules, remove entopyChange method
    • remove rating in analytic tests, store to every analytic section password, password checking libraries

2016-09-29

  • what's new
    • progress with rules refactoring
    • analyzer.py
      • tagged passwords
      • checking libraries against fixed entropy (11b)
  • discussion
  • AI remaining from past:
    • analytic test: output should be more self-explanatory and less log-like (e.g. divide into sections according to real password strength and strength evaluated by particular library)
    • analytic test: reduce number of files (1 input, 1 script, 1 output, 1 summary should be basically enough)
    • rewrite according to PEP-8
  • AI:
    • improve rules hierarchy to further reduce code repetition (and introduce "rule classes")
    • improve API for new password checking libraries (not to require to work with internals)

2016-09-15

  • what's new
    • analytic test
    • transformation history (now using function instead of decorator)
  • discussion
    • ...
  • AI remaining from past:
    • rewrite according to PEP-8
  • AI:
    • rules.py: get rid of code repetition
    • in general: most of the scripts should be usable as a library, which means no printing of warnings/errors and indicating problems in better way (deal with it, use return codes or exceptions)
    • analytic test: English summary
    • analytic test: output should be more self-explanatory and less log-like (e.g. divide into sections according to real password strength and strength evaluated by particular library)
    • analytic test: reduce number of files (1 input, 1 script, 1 output, 1 summary should be basically enough)
    • create some kind of documentation that show some simple use-cases, e.g. "run XY.py to get a basic analysis of password checking libraries on your system, implement Python class to test a your own password checking library"
    • ...

2016-07-07

  • what's new
    • simple unit test
    • transformation history (now using function instead of decorator)
    • repo reorg
    • Password structure now contains starting and current entropy (history can be deduced from transformation history)
  • discussion
    • use smaller commits
    • FUTURE IDEA: some transformations are complementary (lower/upper case), deal with it
  • AI remaining from past:
    • create simple "analytical" test
      • run on some chosen data and check results are as expected
      • concentrate on "verifying" the design of whole password checking
  • AI:
    • rewrite according to PEP-8
    • save entropy difference instead of absolute value in transformation history

2016-06-15

  • discussion
    • reading various types of inputs, how to set entropy
    • dynamic computing of entropy added during transformation
    • composing transformation rules (multi-argument transfrom()? NO)
  • AI:
    • remove .pyc files (.gitignore)
    • rationalize repository structure (get inspired by some advanced Python project, e.g. tlslite-ng)
    • get rid of .sh, create such things in test(s)/ dir
    • have a look PEP-8 (coding standard), ideally apply
    • create simple "analytical" test
      • run on some chosen data and check results are as expected
    • have a look at Travis CI
  • AI [sz]:
    • investigate abstractmethod issue with loadToDict() method (rules.py)

2016-06-09

  • what's new:
    • big rewrite, implementing abstract classes
  • AI remaining from past:
    • other abstractions:
      • PasswordObtain - ... -> PassData
  • AI:
    • Rule -> transform: take only password data
      • different leet tables => different classes
    • Library (class): incorporate delimiter into it, don't specify as argument
    • remember transformations in PassData (PassData -> Rule -> PassData)

2016-05-26

  • whats new:
    • exam period, not much work for ~2 weeks
    • 1 new commit
  • plan for next 1-2 weeks
    • lot of time
    • lot of work
  • Action items:
    • loading leet tables - use dict in source
    • abstract classes where possible
      • Rule (transforming password) - PassData -> PassData
      • LibraryCheck - PassData -> CheckResult(isOk, reason)
      • PasswordObtain - ... -> PassData
Clone this wiki locally