Adjust strength meter to account for modulo bias

using a formula for the upper limit because it is easier to understand and doesn't make a substantive difference
alanhkarp · Jun 17, 2024 · 2402642 · 2402642
1 parent 3564dee
commit 2402642
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/notes/SitePassword.pages b/notes/SitePassword.pages
diff --git a/src/ssp.js b/src/ssp.js
@@ -881,8 +881,6 @@ function setMeter(which) {
     let guesses = getGuesses(which);
     // 10^9 guesses per second, 3*10^7 seconds per year, average success in 1/2 the tries
     let years = guesses/(1e9*3e7*2);
-    // Adjust site password for modulus bias
-    if (which === "sitepw") years *= 1 - (256%characters(bg.settings).length)/256;
     if (which === "superpw") years /= 16*1024; // So the superpw will have more entropy than the site password
     let score = getScore(years);
     let index = Math.floor(score/5);
@@ -931,6 +929,11 @@ function setMeter(which) {
                 guesses *= sequence[i].guesses;
             }
         }
+        if (which === "sitepw") {
+            // Adjust site password for modulus bias
+            let statisticalDistance = (256%alphabetSize)/256; // Upper bound on statistical distance
+            guesses = Math.floor(guesses*(1 - statisticalDistance));
+        }
         return guesses;
     }
     function guessLabel(years) {