jwt-cracker
jwt-cracker copied to clipboard
Min secret length
Given the way that variationsStream is implemented, the code still calculates all permutations with repetition up to the min length, but these are no longer passed along to be processed and checked against the token. Ideal would be to replace or extend the variationsStream call but that library has not been updated in 9 years.
Closes #19
Thanks, this makes a lot of sense.
I agree that ideally, it will make sense to implement this directly in variation-stream
and then update the library here.
I think the current implementation still has performance benefits (because for the items that are skipped, we don't need to test if they would work as a valid signature), even though it's not the most optimal approach...
I am also thinking that another approach might be to switch to lmammino/indexed-string-variation
, which should already allow us to skip entries (basically starting from the first index that corresponds to a sequence of a given minim length).