-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtipsy.yml
113 lines (105 loc) · 3.4 KB
/
tipsy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# given a password p and set of corrector functions C = {}, the ball is the set of passwords we obtain after applying the corrector functions to the p
#
# Submitted => corrector => the ball of password p
# password p functions
#
# password => swc-all => PASSWORD
# => swc-first => Password
# => rm-last => passwor
#
# one of always, blacklist, approximateOptimal
checker:
# always verify the submitted password and all passwords in the ball
# always: true
# use a blacklist of high-probability passwords. It checks the password or any password in the ball only if it isn't in the blacklist
# blacklist:
# # list of high-probability passwords used as a blacklist
# file: ./data/rockyou-1k.txt
# use a distribution of high-probability passwords (frequency+blacklist) and a distribution of typos to decide whether to correct the typo or not
# optimal:
# # frequency list of high-probability passwords
# file: ./data/rockyou-1k-withcount.txt
# # find the optimal set of passwords in the ball such that aggregate probability of each password in the ball
# # is lower than the probability of the qth most probable password in the blacklist
# # try q = 10
# qthMostProbablePassword: 10
typtop:
# public key encryption algorithm
pke:
# length of the users private-key
keyLength: 2048
# password based encryption scheme
pbe:
keyLength: 4096
# maximum edit distance using damereau-levenstein
editDistance: 2
# minimum zxcvbn-go score
zxcvbn: 3
typoCache:
# always set this to true
warmUp: true
length: 10
# cache type, one of LFU, PLFU, LRU, MFU, Best-t
# cachingScheme: LFU
waitList:
# should match the rateLimit in practice
length: 10
# applies to passwords loaded from all lists as well as registration
minPasswordLength: 6
web:
register:
# An optional blacklist used during user registration
blacklist: ./data/rockyou-1k.txt
# required zxcvbn strength out of 4. 0 being lowest and 4 being the highest: https://lowe.github.io/tryzxcvbn/
zxcvbn: 2
login:
# number of login attempts a user can make until they have to unlock the account via email link
rateLimit: 10
# cookie validity duration in minutes
sessionValidity: 30m
reset:
# reset link token validity duration in minutes
tokenValidity: 15m
# must be defined when using the optimal or typtop checker
typos:
# defaut values taken from Chatterjee et al. study on password typo rate
# total of 96963 password entry attempts
# you can change the distribution by setting the individual typo frequencies below
same: 90234
other: 1918
swc-all: 1698
kclose: 1385
keypress-edit: 1000
rm-last: 382
swc-first: 209
rm-first: 55
sws-last1: 19
tcerror: 18
sws-lastn: 14
upncap: 13
n2s-last: 9
cap2up: 5
add1-last: 5
# This list defines the correctors to apply e.g. for check always
# every corrector in the list below will be applied
# Careful: a longer list means a bigger decrease in security!
correctors:
# choose from the list below
- swc-all
- rm-last
- swc-first
# - rm-first
# - sws-last1
# - sws-lastn
# - upncap
# - n2s-last
# - cap2up
# - add1-last
# - same # use this for testing
# configure SMTP notifications
smtp:
server: smtp.gmail.com
username: [email protected]
password: ""
port: 587
from: [email protected]