From 83e1291ae785d91ffa87d2a35bff4caa540a3963 Mon Sep 17 00:00:00 2001 From: Gregory Soutade Date: Sat, 1 Feb 2014 10:50:23 +0100 Subject: [PATCH 1/4] Add pwdmeter.js from Jeff Todnem (https://www.todnem.com/) to have a feedback on master key strength --- server/index.php | 5 +- server/ressources/bg_strength_gradient.jpg | Bin 0 -> 676 bytes server/ressources/gpass.css | 29 ++ server/ressources/pwdmeter.js | 341 +++++++++++++++++++++ 4 files changed, 374 insertions(+), 1 deletion(-) create mode 100644 server/ressources/bg_strength_gradient.jpg create mode 100644 server/ressources/pwdmeter.js diff --git a/server/index.php b/server/index.php index b527bed..b3799a6 100644 --- a/server/index.php +++ b/server/index.php @@ -61,6 +61,7 @@ else + gPass : global Password @@ -123,9 +124,11 @@ if ($user != "") echo 'URL '; echo 'login '; echo 'password '; - echo 'master key '; + echo 'master key '; echo ''; echo ""; + echo "
"; + echo '
Master key strength
0%
 
'; } ?> diff --git a/server/ressources/bg_strength_gradient.jpg b/server/ressources/bg_strength_gradient.jpg new file mode 100644 index 0000000000000000000000000000000000000000..be7742566ee874afa1856a6da87d57f57d4dec28 GIT binary patch literal 676 zcmex=i3*BJ!6k`h{6D}T z$iX1M_=TBKkby~%ky()O{}BcWkW(2M84!S(g^86NBqM+>!@$JM=m?aN1ZiMK)&rDa z;a~$wi3*~a1u~WK|1Aa{plT*TW18^>s?!k!AzJefHXPMt z30cD!cu-cGt$&rnqNNHKOFc|V)(BoaAgj$1vP4QNh~cG&GEg{Z0;|`-m0v70O$@wO za{2OT#qwmua&g7-v3f2%=)KUwN9t?Ey)IiQF zt2+FahB%d4RdB(0{)}Mnz~mf4Rz9?v3*@a#$p|_Tuyi6Ust1w>qkVaQ8$3?FuWW0<}Uff_6#<9}FBxDKWr3vmp;iU>( zQ=5Zd6a-}?Ob-&7B@wbq;>s=&kzF!elbxHUJ2g#rZkX&0 0 && a < (arrPwdLen - 1)) { nMidChar++; } + if (nTmpNumber !== "") { if ((nTmpNumber + 1) == a) { nConsecNumber++; nConsecCharType++; } } + nTmpNumber = a; + nNumber++; + } + else if (arrPwd[a].match(/[^a-zA-Z0-9_]/g)) { + if (a > 0 && a < (arrPwdLen - 1)) { nMidChar++; } + if (nTmpSymbol !== "") { if ((nTmpSymbol + 1) == a) { nConsecSymbol++; nConsecCharType++; } } + nTmpSymbol = a; + nSymbol++; + } + /* Internal loop through password to check for repeat characters */ + var bCharExists = false; + for (var b=0; b < arrPwdLen; b++) { + if (arrPwd[a] == arrPwd[b] && a != b) { /* repeat character exists */ + bCharExists = true; + /* + Calculate icrement deduction based on proximity to identical characters + Deduction is incremented each time a new match is discovered + Deduction amount is based on total password length divided by the + difference of distance between currently selected match + */ + nRepInc += Math.abs(arrPwdLen/(b-a)); + } + } + if (bCharExists) { + nRepChar++; + nUnqChar = arrPwdLen-nRepChar; + nRepInc = (nUnqChar) ? Math.ceil(nRepInc/nUnqChar) : Math.ceil(nRepInc); + } + } + + /* Check for sequential alpha string patterns (forward and reverse) */ + for (var s=0; s < 23; s++) { + var sFwd = sAlphas.substring(s,parseInt(s+3)); + var sRev = sFwd.strReverse(); + if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqAlpha++; nSeqChar++;} + } + + /* Check for sequential numeric string patterns (forward and reverse) */ + for (var s=0; s < 8; s++) { + var sFwd = sNumerics.substring(s,parseInt(s+3)); + var sRev = sFwd.strReverse(); + if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqNumber++; nSeqChar++;} + } + + /* Check for sequential symbol string patterns (forward and reverse) */ + for (var s=0; s < 8; s++) { + var sFwd = sSymbols.substring(s,parseInt(s+3)); + var sRev = sFwd.strReverse(); + if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqSymbol++; nSeqChar++;} + } + + /* Modify overall score value based on usage vs requirements */ + + /* General point assignment */ + // $("nLengthBonus").innerHTML = "+ " + nScore; + if (nAlphaUC > 0 && nAlphaUC < nLength) { + nScore = parseInt(nScore + ((nLength - nAlphaUC) * 2)); + sAlphaUC = "+ " + parseInt((nLength - nAlphaUC) * 2); + } + if (nAlphaLC > 0 && nAlphaLC < nLength) { + nScore = parseInt(nScore + ((nLength - nAlphaLC) * 2)); + sAlphaLC = "+ " + parseInt((nLength - nAlphaLC) * 2); + } + if (nNumber > 0 && nNumber < nLength) { + nScore = parseInt(nScore + (nNumber * nMultNumber)); + sNumber = "+ " + parseInt(nNumber * nMultNumber); + } + if (nSymbol > 0) { + nScore = parseInt(nScore + (nSymbol * nMultSymbol)); + sSymbol = "+ " + parseInt(nSymbol * nMultSymbol); + } + if (nMidChar > 0) { + nScore = parseInt(nScore + (nMidChar * nMultMidChar)); + sMidChar = "+ " + parseInt(nMidChar * nMultMidChar); + } + // $("nAlphaUCBonus").innerHTML = sAlphaUC; + // $("nAlphaLCBonus").innerHTML = sAlphaLC; + // $("nNumberBonus").innerHTML = sNumber; + // $("nSymbolBonus").innerHTML = sSymbol; + // $("nMidCharBonus").innerHTML = sMidChar; + + /* Point deductions for poor practices */ + if ((nAlphaLC > 0 || nAlphaUC > 0) && nSymbol === 0 && nNumber === 0) { // Only Letters + nScore = parseInt(nScore - nLength); + nAlphasOnly = nLength; + sAlphasOnly = "- " + nLength; + } + if (nAlphaLC === 0 && nAlphaUC === 0 && nSymbol === 0 && nNumber > 0) { // Only Numbers + nScore = parseInt(nScore - nLength); + nNumbersOnly = nLength; + sNumbersOnly = "- " + nLength; + } + if (nRepChar > 0) { // Same character exists more than once + nScore = parseInt(nScore - nRepInc); + sRepChar = "- " + nRepInc; + } + if (nConsecAlphaUC > 0) { // Consecutive Uppercase Letters exist + nScore = parseInt(nScore - (nConsecAlphaUC * nMultConsecAlphaUC)); + sConsecAlphaUC = "- " + parseInt(nConsecAlphaUC * nMultConsecAlphaUC); + } + if (nConsecAlphaLC > 0) { // Consecutive Lowercase Letters exist + nScore = parseInt(nScore - (nConsecAlphaLC * nMultConsecAlphaLC)); + sConsecAlphaLC = "- " + parseInt(nConsecAlphaLC * nMultConsecAlphaLC); + } + if (nConsecNumber > 0) { // Consecutive Numbers exist + nScore = parseInt(nScore - (nConsecNumber * nMultConsecNumber)); + sConsecNumber = "- " + parseInt(nConsecNumber * nMultConsecNumber); + } + if (nSeqAlpha > 0) { // Sequential alpha strings exist (3 characters or more) + nScore = parseInt(nScore - (nSeqAlpha * nMultSeqAlpha)); + sSeqAlpha = "- " + parseInt(nSeqAlpha * nMultSeqAlpha); + } + if (nSeqNumber > 0) { // Sequential numeric strings exist (3 characters or more) + nScore = parseInt(nScore - (nSeqNumber * nMultSeqNumber)); + sSeqNumber = "- " + parseInt(nSeqNumber * nMultSeqNumber); + } + if (nSeqSymbol > 0) { // Sequential symbol strings exist (3 characters or more) + nScore = parseInt(nScore - (nSeqSymbol * nMultSeqSymbol)); + sSeqSymbol = "- " + parseInt(nSeqSymbol * nMultSeqSymbol); + } + // $("nAlphasOnlyBonus").innerHTML = sAlphasOnly; + // $("nNumbersOnlyBonus").innerHTML = sNumbersOnly; + // $("nRepCharBonus").innerHTML = sRepChar; + // $("nConsecAlphaUCBonus").innerHTML = sConsecAlphaUC; + // $("nConsecAlphaLCBonus").innerHTML = sConsecAlphaLC; + // $("nConsecNumberBonus").innerHTML = sConsecNumber; + // $("nSeqAlphaBonus").innerHTML = sSeqAlpha; + // $("nSeqNumberBonus").innerHTML = sSeqNumber; + // $("nSeqSymbolBonus").innerHTML = sSeqSymbol; + + /* Determine if mandatory requirements have been met and set image indicators accordingly */ + var arrChars = [nLength,nAlphaUC,nAlphaLC,nNumber,nSymbol]; + var arrCharsIds = ["nLength","nAlphaUC","nAlphaLC","nNumber","nSymbol"]; + var arrCharsLen = arrChars.length; + // for (var c=0; c < arrCharsLen; c++) { + // var oImg = $('div_' + arrCharsIds[c]); + // var oBonus = $(arrCharsIds[c] + 'Bonus'); + // $(arrCharsIds[c]).innerHTML = arrChars[c]; + // if (arrCharsIds[c] == "nLength") { var minVal = parseInt(nMinPwdLen - 1); } else { var minVal = 0; } + // if (arrChars[c] == parseInt(minVal + 1)) { nReqChar++; oImg.className = "pass"; oBonus.parentNode.className = "pass"; } + // else if (arrChars[c] > parseInt(minVal + 1)) { nReqChar++; oImg.className = "exceed"; oBonus.parentNode.className = "exceed"; } + // else { oImg.className = "fail"; oBonus.parentNode.className = "fail"; } + // } + nRequirements = nReqChar; + if (pwd.length >= nMinPwdLen) { var nMinReqChars = 3; } else { var nMinReqChars = 4; } + if (nRequirements > nMinReqChars) { // One or more required characters exist + nScore = parseInt(nScore + (nRequirements * 2)); + sRequirements = "+ " + parseInt(nRequirements * 2); + } + // $("nRequirementsBonus").innerHTML = sRequirements; + + /* Determine if additional bonuses need to be applied and set image indicators accordingly */ + var arrChars = [nMidChar,nRequirements]; + var arrCharsIds = ["nMidChar","nRequirements"]; + var arrCharsLen = arrChars.length; + // for (var c=0; c < arrCharsLen; c++) { + // var oImg = $('div_' + arrCharsIds[c]); + // var oBonus = $(arrCharsIds[c] + 'Bonus'); + // $(arrCharsIds[c]).innerHTML = arrChars[c]; + // if (arrCharsIds[c] == "nRequirements") { var minVal = nMinReqChars; } else { var minVal = 0; } + // if (arrChars[c] == parseInt(minVal + 1)) { oImg.className = "pass"; oBonus.parentNode.className = "pass"; } + // else if (arrChars[c] > parseInt(minVal + 1)) { oImg.className = "exceed"; oBonus.parentNode.className = "exceed"; } + // else { oImg.className = "fail"; oBonus.parentNode.className = "fail"; } + // } + + /* Determine if suggested requirements have been met and set image indicators accordingly */ + var arrChars = [nAlphasOnly,nNumbersOnly,nRepChar,nConsecAlphaUC,nConsecAlphaLC,nConsecNumber,nSeqAlpha,nSeqNumber,nSeqSymbol]; + var arrCharsIds = ["nAlphasOnly","nNumbersOnly","nRepChar","nConsecAlphaUC","nConsecAlphaLC","nConsecNumber","nSeqAlpha","nSeqNumber","nSeqSymbol"]; + var arrCharsLen = arrChars.length; + // for (var c=0; c < arrCharsLen; c++) { + // var oImg = $('div_' + arrCharsIds[c]); + // var oBonus = $(arrCharsIds[c] + 'Bonus'); + // $(arrCharsIds[c]).innerHTML = arrChars[c]; + // if (arrChars[c] > 0) { oImg.className = "warn"; oBonus.parentNode.className = "warn"; } + // else { oImg.className = "pass"; oBonus.parentNode.className = "pass"; } + // } + + /* Determine complexity based on overall score */ + if (nScore > 100) { nScore = 100; } else if (nScore < 0) { nScore = 0; } + if (nScore >= 0 && nScore < 20) { sComplexity = "Very Weak"; } + else if (nScore >= 20 && nScore < 40) { sComplexity = "Weak"; } + else if (nScore >= 40 && nScore < 60) { sComplexity = "Good"; } + else if (nScore >= 60 && nScore < 80) { sComplexity = "Strong"; } + else if (nScore >= 80 && nScore <= 100) { sComplexity = "Very Strong"; } + + /* Display updated score criteria to client */ + oScorebar.style.backgroundPosition = "-" + parseInt(nScore * 4) + "px 0px"; + oScore.innerHTML = nScore + "%"; + // oComplexity.innerHTML = sComplexity; + } + else { + /* Display default score criteria to client */ + initPwdChk(); + oScore.innerHTML = nScore + "%"; + // oComplexity.innerHTML = sComplexity; + } +} + +function togPwdMask() { + var oPwd = $("passwordPwd"); + var oTxt = $("passwordTxt"); + var oMask = $("mask"); + if (oMask.checked) { + oPwd.value = oTxt.value; + oPwd.className = ""; + oTxt.className = "hide"; + } + else { + oTxt.value = oPwd.value; + oPwd.className = "hide"; + oTxt.className = ""; + } +} + +function initPwdChk(restart) { + /* Reset all form values to their default */ + var arrZeros = ["nLength","nAlphaUC","nAlphaLC","nNumber","nSymbol","nMidChar","nRequirements","nAlphasOnly","nNumbersOnly","nRepChar","nConsecAlphaUC","nConsecAlphaLC","nConsecNumber","nSeqAlpha","nSeqNumber","nSeqSymbol","nLengthBonus","nAlphaUCBonus","nAlphaLCBonus","nNumberBonus","nSymbolBonus","nMidCharBonus","nRequirementsBonus","nAlphasOnlyBonus","nNumbersOnlyBonus","nRepCharBonus","nConsecAlphaUCBonus","nConsecAlphaLCBonus","nConsecNumberBonus","nSeqAlphaBonus","nSeqNumberBonus","nSeqSymbolBonus"]; + var arrPassPars = ["nAlphasOnlyBonus","nNumbersOnlyBonus","nRepCharBonus","nConsecAlphaUCBonus","nConsecAlphaLCBonus","nConsecNumberBonus","nSeqAlphaBonus","nSeqNumberBonus","nSeqSymbolBonus"]; + var arrPassDivs = ["div_nAlphasOnly","div_nNumbersOnly","div_nRepChar","div_nConsecAlphaUC","div_nConsecAlphaLC","div_nConsecNumber","div_nSeqAlpha","div_nSeqNumber","div_nSeqSymbol"]; + var arrFailPars = ["nLengthBonus","nAlphaUCBonus","nAlphaLCBonus","nNumberBonus","nSymbolBonus","nMidCharBonus","nRequirementsBonus"]; + var arrFailDivs = ["div_nLength","div_nAlphaUC","div_nAlphaLC","div_nNumber","div_nSymbol","div_nMidChar","div_nRequirements"]; + // for (var i in arrZeros) { $(arrZeros[i]).innerHTML = "0"; } + // for (var i in arrPassPars) { $(arrPassPars[i]).parentNode.className = "pass"; } + // for (var i in arrPassDivs) { $(arrPassDivs[i]).className = "pass"; } + // for (var i in arrFailPars) { $(arrFailPars[i]).parentNode.className = "fail"; } + // for (var i in arrFailDivs) { $(arrFailDivs[i]).className = "fail"; } + // $("passwordPwd").value = ""; + // $("passwordTxt").value = ""; + $("scorebar").style.backgroundPosition = "0 0"; + if (restart) { + $("passwordPwd").className = ""; + $("passwordTxt").className = "hide"; + $("mask").checked = true; + } +} + +addLoadEvent(function() { initPwdChk(1); }); + From 6f8f952a929572b52d0b5423100097208f26dc4c Mon Sep 17 00:00:00 2001 From: Gregory Soutade Date: Mon, 17 Feb 2014 08:00:28 +0100 Subject: [PATCH 2/4] Master key is now in clear text (not password) when you add a new password. This reduce typo errors --- server/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/index.php b/server/index.php index b3799a6..a1baff8 100644 --- a/server/index.php +++ b/server/index.php @@ -124,7 +124,7 @@ if ($user != "") echo 'URL '; echo 'login '; echo 'password '; - echo 'master key '; + echo 'master key '; echo ''; echo ""; echo "
"; From ce1d010b855fea236916102230cf18499d656f45 Mon Sep 17 00:00:00 2001 From: Gregory Soutade Date: Wed, 19 Feb 2014 17:34:51 +0100 Subject: [PATCH 3/4] Warn when no password are unciphered using a masterkey Clear masterkey after "See" or "Add" action --- server/index.php | 4 ++-- server/ressources/gpass.js | 23 +++++++++++++++++------ 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/server/index.php b/server/index.php index a1baff8..3b43672 100644 --- a/server/index.php +++ b/server/index.php @@ -102,8 +102,8 @@ else } } echo "\n"; - echo ' Master key '; - echo "" . "\n"; + echo ' Master key '; + echo "" . "\n"; if (!isset($_SERVER['HTTPS'])) echo "
Current addon address is : http://" . $_SERVER['SERVER_NAME'] . "/" . $user . "
\n"; diff --git a/server/ressources/gpass.js b/server/ressources/gpass.js index 88e363b..d8cdf7f 100755 --- a/server/ressources/gpass.js +++ b/server/ressources/gpass.js @@ -219,10 +219,18 @@ function update_stats() div.appendChild(document.createElement("br")); } -function change_master_key() +function change_master_key(warning_unciphered) { + var nb_unciphered = 0; for(i=0; i Date: Wed, 19 Feb 2014 17:37:27 +0100 Subject: [PATCH 4/4] Don't warn on user change --- server/ressources/gpass.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/ressources/gpass.js b/server/ressources/gpass.js index d8cdf7f..acfe4c4 100755 --- a/server/ressources/gpass.js +++ b/server/ressources/gpass.js @@ -356,6 +356,8 @@ function update_master_key(warning_unciphered) addon_address.removeAllChilds(); addon_address.appendChild(document.createTextNode("Current addon address is : " + document.documentURI + current_user)); + + warning_unciphered = false; } current_mkey = document.getElementById("master_key").value;