I am making a small password strength calculator in C++ that will calculate the information entropy value for the password as well as the NIST value. I have the entropy part of the program working but the NIST part is giving me some problems. I am pretty sure I have the right formula but every time I put my test password through that I know should give me a value of 24 I get a value of 18. I don't see a problem in my code that would cause this which leads me to believe it is a problem with the formula. Is anyone familiar with the NIST formula and could provide me help with this? Any help would be greatly appreciated. I have attached my code below.
#include <iostream>
#include <cmath>
#include <string>
using namespace std;
int main(){
string eight_password, first_char, next_seven;
int ep_length;
double ent_strength, nist_strength;
const int NIST_FIRST = 4, NIST_SEVEN = 2, NIST_REM = 1;
const double NIST_TWELVE = 1.5;
cout << "Hello! Please enter a password of 8 characters or less (including spaces!):" << endl;
getline(cin, eight_password);
ep_length = eight_password.length();
ent_strength = (ep_length*((log(94))/(log(2))));
first_char = eight_password.substr(0, 1);
next_seven = eight_password.substr(1, 7);
nist_strength = (first_char.length()*NIST_FIRST) + (next_seven.length()*NIST_SEVEN);
cout << nist_strength<<endl;
cout << first_char.length() << endl;
cout << next_seven.length() << endl;
return 0;
}
