Merge branch 'master' of soutade.fr:gpass

Grégory Soutadé 2014-02-27 18:47:01 +01:00
commit eba9ba35eb
5 changed files with 395 additions and 9 deletions


@ -61,6 +61,7 @@ else
<script src="ressources/hmac.js"></script> <script src="ressources/hmac.js"></script>
<script src="ressources/pkdbf2.js"></script> <script src="ressources/pkdbf2.js"></script>
<script src="ressources/gpass.js"></script> <script src="ressources/gpass.js"></script>
<script src="ressources/pwdmeter.js"></script>
<title>gPass : global Password</title> <title>gPass : global Password</title>
</head> </head>
<body onload="start();"> <body onload="start();">
@ -101,8 +102,8 @@ else
} }
} }
echo "</select>\n"; echo "</select>\n";
echo ' <b>Master key </b> <input id="master_key" type="password" onkeypress="if (event.keyCode == 13) update_master_key();"/>'; echo ' <b>Master key </b> <input id="master_key" type="password" onkeypress="if (event.keyCode == 13) update_master_key(true);"/>';
echo "<input type=\"button\" value=\"See\" onclick=\"update_master_key();\" />" . "\n"; echo "<input type=\"button\" value=\"See\" onclick=\"update_master_key(true);\" />" . "\n";
if (!isset($_SERVER['HTTPS'])) if (!isset($_SERVER['HTTPS']))
echo "<div id=\"addon_address\">Current addon address is : http://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n"; echo "<div id=\"addon_address\">Current addon address is : http://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n";
@ -123,9 +124,11 @@ if ($user != "")
echo 'URL <input type="text" name="url"/>'; echo 'URL <input type="text" name="url"/>';
echo 'login <input type="text" name="login" />'; echo 'login <input type="text" name="login" />';
echo 'password <input id="new_password" type="text" name="password"/>'; echo 'password <input id="new_password" type="text" name="password"/>';
echo 'master key <input type="password" name="mkey" onkeypress="if (event.keyCode == 13) add_password();"/>'; echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
echo '<input type="button" value="Generate password" onClick="generate_password();"/>'; echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
echo "<input type=\"button\" name=\"add\" value=\"Add\" onclick=\"add_password();\"/>"; echo "<input type=\"button\" name=\"add\" value=\"Add\" onclick=\"add_password();\"/>";
echo "<br />";
echo '<div><a href="http://en.wikipedia.org/wiki/Password_strength">Master key strength</a><div id="scorebarBorder"><div id="score">0%</div><div id="scorebar">&nbsp;</div></div></div>';
} }
?> ?>
</div> </div>
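Review bot: The `mkey` field of the add-password form is switched from `type="password"` to `type="text"`, so the master key is displayed in clear while it is typed and may be picked up by the browser's form history. The strength meter only needs the added `onkeyup="chkPass(this.value);"` hook, which works equally on a password field, so the input can stay `type="password"` and additionally carry `autocomplete="off"`. The new help link is also written as `http://en.wikipedia.org/wiki/Password_strength`; an `https://` URL avoids a cleartext request from a page that handles the master key. The enclosing `if ($user != "")` block starts outside the hunk.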

Binary file not shown.



@ -77,3 +77,32 @@ body {
font-weight:bold; font-weight:bold;
font-size:xx-large; font-size:xx-large;
} }
#scorebarBorder {
background: #333;
border: 1px #000 solid;
height: 16px;
margin-bottom: 2px;
margin-left:auto;
margin-right:auto;
width: 100px;
}
#score {
color: rgb(0, 0, 0);
font-size: 85%;
position: absolute;
text-align: center;
width: 100px;
z-index: 10;
font-weight:bold;
}
#scorebar {
background-image: url(/ressources/bg_strength_gradient.jpg);
background-repeat: no-repeat;
background-position: 0 0;
position:absolute;
width: 100px;
z-index: 0;
}
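Review bot: `#scorebar` loads its gradient from the root-absolute path `/ressources/bg_strength_gradient.jpg`, whereas the page in this commit references its scripts with relative `ressources/...` URLs. If gPass is served from a sub-directory the image will not resolve and the strength bar stays blank; a URL relative to the stylesheet would follow the deployment path. Where the stylesheet itself lives is not visible here, so the exact relative form needs to be checked.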


@ -219,10 +219,18 @@ function update_stats()
div.appendChild(document.createElement("br")); div.appendChild(document.createElement("br"));
} }
function change_master_key() function change_master_key(warning_unciphered)
{ {
var nb_unciphered = 0;
for(i=0; i<passwords.length; i++) for(i=0; i<passwords.length; i++)
passwords[i].decrypt(current_mkey); {
if (passwords[i].decrypt(current_mkey))
nb_unciphered++;
}
if (!nb_unciphered && warning_unciphered)
alert("No password unciphered with this master key !");
password_div = document.getElementById("passwords"); password_div = document.getElementById("passwords");
password_div.removeAllChilds(); password_div.removeAllChilds();
@ -326,10 +334,13 @@ function change_master_key()
} }
} }
input = document.getElementById("master_key");
input.value = "";
update_stats(); update_stats();
} }
function update_master_key() function update_master_key(warning_unciphered)
{ {
user = select_widget.options[select_widget.selectedIndex].value; user = select_widget.options[select_widget.selectedIndex].value;
@ -345,6 +356,8 @@ function update_master_key()
addon_address.removeAllChilds(); addon_address.removeAllChilds();
addon_address.appendChild(document.createTextNode("Current addon address is : " + document.documentURI + current_user)); addon_address.appendChild(document.createTextNode("Current addon address is : " + document.documentURI + current_user));
warning_unciphered = false;
} }
current_mkey = document.getElementById("master_key").value; current_mkey = document.getElementById("master_key").value;
@ -352,7 +365,7 @@ function update_master_key()
if (current_mkey != "") if (current_mkey != "")
current_mkey = derive_mkey(current_user, current_mkey); current_mkey = derive_mkey(current_user, current_mkey);
change_master_key(); change_master_key(warning_unciphered);
} }
function start() function start()
@ -361,7 +374,7 @@ function start()
if (select_widget == null) return; if (select_widget == null) return;
return update_master_key(); return update_master_key(false);
} }
function add_password_server(user, pentry) function add_password_server(user, pentry)
@ -505,7 +518,7 @@ function add_password()
passwords.push(pentry); passwords.push(pentry);
change_master_key(); change_master_key(false);
for(i=0; i<inputs.length; i++) for(i=0; i<inputs.length; i++)
{ {
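Review bot: In `change_master_key` the new warning fires whenever `nb_unciphered` is zero, which also covers an empty `passwords` list, so pressing "See" on an account with no entries reports "No password unciphered with this master key !" although nothing was tried. Guarding it as `if (passwords.length && !nb_unciphered && warning_unciphered)` keeps the message for the wrong-key case only. The counter relies on `decrypt()` returning a truthy value on success, which is not visible in these hunks and should be confirmed. The added `input = document.getElementById("master_key");` also creates an implicit global; `var input = ...` keeps it local to the function.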


@ -0,0 +1,341 @@
/*
** Created by: Jeff Todnem (http://www.todnem.com/)
** Created on: 2007-08-14
** Last modified: 2010-05-03
**
** License Information:
** -------------------------------------------------------------------------
** Copyright (C) 2007 Jeff Todnem
**
** This program is free software; you can redistribute it and/or modify it
** under the terms of the GNU General Public License as published by the
** Free Software Foundation; either version 2 of the License, or (at your
** option) any later version.
**
** This program is distributed in the hope that it will be useful, but
** WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
** General Public License for more details.
**
** You should have received a copy of the GNU General Public License along
** with this program; if not, write to the Free Software Foundation, Inc.,
** 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
**
*/
function addLoadEvent(func) {
var oldonload = window.onload;
if (typeof window.onload != "function") {
window.onload = func;
}
else {
window.onload = function() {
if (oldonload) {
oldonload();
}
func();
};
}
}
function $() {
var arrElms = [];
for (var i=0; i < arguments.length; i++) {
var elm = arguments[i];
if (typeof(elm == "string")) { elm = document.getElementById(elm); }
if (arguments.length == 1) { return elm; }
arrElms.push(elm);
}
return arrElms;
}
String.prototype.strReverse = function() {
var newstring = "";
for (var s=0; s < this.length; s++) {
newstring = this.charAt(s) + newstring;
}
return newstring;
//strOrig = ' texttotrim ';
//strReversed = strOrig.revstring();
};
function chkPass(pwd) {
var oScorebar = $("scorebar");
var oScore = $("score");
var oComplexity = $("complexity");
// Simultaneous variable declaration and value assignment aren't supported in IE apparently
// so I'm forced to assign the same value individually per var to support a crappy browser *sigh*
var nScore=0, nLength=0, nAlphaUC=0, nAlphaLC=0, nNumber=0, nSymbol=0, nMidChar=0, nRequirements=0, nAlphasOnly=0, nNumbersOnly=0, nUnqChar=0, nRepChar=0, nRepInc=0, nConsecAlphaUC=0, nConsecAlphaLC=0, nConsecNumber=0, nConsecSymbol=0, nConsecCharType=0, nSeqAlpha=0, nSeqNumber=0, nSeqSymbol=0, nSeqChar=0, nReqChar=0, nMultConsecCharType=0;
var nMultRepChar=1, nMultConsecSymbol=1;
var nMultMidChar=2, nMultRequirements=2, nMultConsecAlphaUC=2, nMultConsecAlphaLC=2, nMultConsecNumber=2;
var nReqCharType=3, nMultAlphaUC=3, nMultAlphaLC=3, nMultSeqAlpha=3, nMultSeqNumber=3, nMultSeqSymbol=3;
var nMultLength=4, nMultNumber=4;
var nMultSymbol=6;
var nTmpAlphaUC="", nTmpAlphaLC="", nTmpNumber="", nTmpSymbol="";
var sAlphaUC="0", sAlphaLC="0", sNumber="0", sSymbol="0", sMidChar="0", sRequirements="0", sAlphasOnly="0", sNumbersOnly="0", sRepChar="0", sConsecAlphaUC="0", sConsecAlphaLC="0", sConsecNumber="0", sSeqAlpha="0", sSeqNumber="0", sSeqSymbol="0";
var sAlphas = "abcdefghijklmnopqrstuvwxyz";
var sNumerics = "01234567890";
var sSymbols = ")!@#$%^&*()";
var sComplexity = "Too Short";
var sStandards = "Below";
var nMinPwdLen = 8;
if (document.all) { var nd = 0; } else { var nd = 1; }
if (pwd) {
nScore = parseInt(pwd.length * nMultLength);
nLength = pwd.length;
var arrPwd = pwd.replace(/\s+/g,"").split(/\s*/);
var arrPwdLen = arrPwd.length;
/* Loop through password to check for Symbol, Numeric, Lowercase and Uppercase pattern matches */
for (var a=0; a < arrPwdLen; a++) {
if (arrPwd[a].match(/[A-Z]/g)) {
if (nTmpAlphaUC !== "") { if ((nTmpAlphaUC + 1) == a) { nConsecAlphaUC++; nConsecCharType++; } }
nTmpAlphaUC = a;
nAlphaUC++;
}
else if (arrPwd[a].match(/[a-z]/g)) {
if (nTmpAlphaLC !== "") { if ((nTmpAlphaLC + 1) == a) { nConsecAlphaLC++; nConsecCharType++; } }
nTmpAlphaLC = a;
nAlphaLC++;
}
else if (arrPwd[a].match(/[0-9]/g)) {
if (a > 0 && a < (arrPwdLen - 1)) { nMidChar++; }
if (nTmpNumber !== "") { if ((nTmpNumber + 1) == a) { nConsecNumber++; nConsecCharType++; } }
nTmpNumber = a;
nNumber++;
}
else if (arrPwd[a].match(/[^a-zA-Z0-9_]/g)) {
if (a > 0 && a < (arrPwdLen - 1)) { nMidChar++; }
if (nTmpSymbol !== "") { if ((nTmpSymbol + 1) == a) { nConsecSymbol++; nConsecCharType++; } }
nTmpSymbol = a;
nSymbol++;
}
/* Internal loop through password to check for repeat characters */
var bCharExists = false;
for (var b=0; b < arrPwdLen; b++) {
if (arrPwd[a] == arrPwd[b] && a != b) { /* repeat character exists */
bCharExists = true;
/*
Calculate icrement deduction based on proximity to identical characters
Deduction is incremented each time a new match is discovered
Deduction amount is based on total password length divided by the
difference of distance between currently selected match
*/
nRepInc += Math.abs(arrPwdLen/(b-a));
}
}
if (bCharExists) {
nRepChar++;
nUnqChar = arrPwdLen-nRepChar;
nRepInc = (nUnqChar) ? Math.ceil(nRepInc/nUnqChar) : Math.ceil(nRepInc);
}
}
/* Check for sequential alpha string patterns (forward and reverse) */
for (var s=0; s < 23; s++) {
var sFwd = sAlphas.substring(s,parseInt(s+3));
var sRev = sFwd.strReverse();
if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqAlpha++; nSeqChar++;}
}
/* Check for sequential numeric string patterns (forward and reverse) */
for (var s=0; s < 8; s++) {
var sFwd = sNumerics.substring(s,parseInt(s+3));
var sRev = sFwd.strReverse();
if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqNumber++; nSeqChar++;}
}
/* Check for sequential symbol string patterns (forward and reverse) */
for (var s=0; s < 8; s++) {
var sFwd = sSymbols.substring(s,parseInt(s+3));
var sRev = sFwd.strReverse();
if (pwd.toLowerCase().indexOf(sFwd) != -1 || pwd.toLowerCase().indexOf(sRev) != -1) { nSeqSymbol++; nSeqChar++;}
}
/* Modify overall score value based on usage vs requirements */
/* General point assignment */
// $("nLengthBonus").innerHTML = "+ " + nScore;
if (nAlphaUC > 0 && nAlphaUC < nLength) {
nScore = parseInt(nScore + ((nLength - nAlphaUC) * 2));
sAlphaUC = "+ " + parseInt((nLength - nAlphaUC) * 2);
}
if (nAlphaLC > 0 && nAlphaLC < nLength) {
nScore = parseInt(nScore + ((nLength - nAlphaLC) * 2));
sAlphaLC = "+ " + parseInt((nLength - nAlphaLC) * 2);
}
if (nNumber > 0 && nNumber < nLength) {
nScore = parseInt(nScore + (nNumber * nMultNumber));
sNumber = "+ " + parseInt(nNumber * nMultNumber);
}
if (nSymbol > 0) {
nScore = parseInt(nScore + (nSymbol * nMultSymbol));
sSymbol = "+ " + parseInt(nSymbol * nMultSymbol);
}
if (nMidChar > 0) {
nScore = parseInt(nScore + (nMidChar * nMultMidChar));
sMidChar = "+ " + parseInt(nMidChar * nMultMidChar);
}
// $("nAlphaUCBonus").innerHTML = sAlphaUC;
// $("nAlphaLCBonus").innerHTML = sAlphaLC;
// $("nNumberBonus").innerHTML = sNumber;
// $("nSymbolBonus").innerHTML = sSymbol;
// $("nMidCharBonus").innerHTML = sMidChar;
/* Point deductions for poor practices */
if ((nAlphaLC > 0 || nAlphaUC > 0) && nSymbol === 0 && nNumber === 0) { // Only Letters
nScore = parseInt(nScore - nLength);
nAlphasOnly = nLength;
sAlphasOnly = "- " + nLength;
}
if (nAlphaLC === 0 && nAlphaUC === 0 && nSymbol === 0 && nNumber > 0) { // Only Numbers
nScore = parseInt(nScore - nLength);
nNumbersOnly = nLength;
sNumbersOnly = "- " + nLength;
}
if (nRepChar > 0) { // Same character exists more than once
nScore = parseInt(nScore - nRepInc);
sRepChar = "- " + nRepInc;
}
if (nConsecAlphaUC > 0) { // Consecutive Uppercase Letters exist
nScore = parseInt(nScore - (nConsecAlphaUC * nMultConsecAlphaUC));
sConsecAlphaUC = "- " + parseInt(nConsecAlphaUC * nMultConsecAlphaUC);
}
if (nConsecAlphaLC > 0) { // Consecutive Lowercase Letters exist
nScore = parseInt(nScore - (nConsecAlphaLC * nMultConsecAlphaLC));
sConsecAlphaLC = "- " + parseInt(nConsecAlphaLC * nMultConsecAlphaLC);
}
if (nConsecNumber > 0) { // Consecutive Numbers exist
nScore = parseInt(nScore - (nConsecNumber * nMultConsecNumber));
sConsecNumber = "- " + parseInt(nConsecNumber * nMultConsecNumber);
}
if (nSeqAlpha > 0) { // Sequential alpha strings exist (3 characters or more)
nScore = parseInt(nScore - (nSeqAlpha * nMultSeqAlpha));
sSeqAlpha = "- " + parseInt(nSeqAlpha * nMultSeqAlpha);
}
if (nSeqNumber > 0) { // Sequential numeric strings exist (3 characters or more)
nScore = parseInt(nScore - (nSeqNumber * nMultSeqNumber));
sSeqNumber = "- " + parseInt(nSeqNumber * nMultSeqNumber);
}
if (nSeqSymbol > 0) { // Sequential symbol strings exist (3 characters or more)
nScore = parseInt(nScore - (nSeqSymbol * nMultSeqSymbol));
sSeqSymbol = "- " + parseInt(nSeqSymbol * nMultSeqSymbol);
}
// $("nAlphasOnlyBonus").innerHTML = sAlphasOnly;
// $("nNumbersOnlyBonus").innerHTML = sNumbersOnly;
// $("nRepCharBonus").innerHTML = sRepChar;
// $("nConsecAlphaUCBonus").innerHTML = sConsecAlphaUC;
// $("nConsecAlphaLCBonus").innerHTML = sConsecAlphaLC;
// $("nConsecNumberBonus").innerHTML = sConsecNumber;
// $("nSeqAlphaBonus").innerHTML = sSeqAlpha;
// $("nSeqNumberBonus").innerHTML = sSeqNumber;
// $("nSeqSymbolBonus").innerHTML = sSeqSymbol;
/* Determine if mandatory requirements have been met and set image indicators accordingly */
var arrChars = [nLength,nAlphaUC,nAlphaLC,nNumber,nSymbol];
var arrCharsIds = ["nLength","nAlphaUC","nAlphaLC","nNumber","nSymbol"];
var arrCharsLen = arrChars.length;
// for (var c=0; c < arrCharsLen; c++) {
// var oImg = $('div_' + arrCharsIds[c]);
// var oBonus = $(arrCharsIds[c] + 'Bonus');
// $(arrCharsIds[c]).innerHTML = arrChars[c];
// if (arrCharsIds[c] == "nLength") { var minVal = parseInt(nMinPwdLen - 1); } else { var minVal = 0; }
// if (arrChars[c] == parseInt(minVal + 1)) { nReqChar++; oImg.className = "pass"; oBonus.parentNode.className = "pass"; }
// else if (arrChars[c] > parseInt(minVal + 1)) { nReqChar++; oImg.className = "exceed"; oBonus.parentNode.className = "exceed"; }
// else { oImg.className = "fail"; oBonus.parentNode.className = "fail"; }
// }
nRequirements = nReqChar;
if (pwd.length >= nMinPwdLen) { var nMinReqChars = 3; } else { var nMinReqChars = 4; }
if (nRequirements > nMinReqChars) { // One or more required characters exist
nScore = parseInt(nScore + (nRequirements * 2));
sRequirements = "+ " + parseInt(nRequirements * 2);
}
// $("nRequirementsBonus").innerHTML = sRequirements;
/* Determine if additional bonuses need to be applied and set image indicators accordingly */
var arrChars = [nMidChar,nRequirements];
var arrCharsIds = ["nMidChar","nRequirements"];
var arrCharsLen = arrChars.length;
// for (var c=0; c < arrCharsLen; c++) {
// var oImg = $('div_' + arrCharsIds[c]);
// var oBonus = $(arrCharsIds[c] + 'Bonus');
// $(arrCharsIds[c]).innerHTML = arrChars[c];
// if (arrCharsIds[c] == "nRequirements") { var minVal = nMinReqChars; } else { var minVal = 0; }
// if (arrChars[c] == parseInt(minVal + 1)) { oImg.className = "pass"; oBonus.parentNode.className = "pass"; }
// else if (arrChars[c] > parseInt(minVal + 1)) { oImg.className = "exceed"; oBonus.parentNode.className = "exceed"; }
// else { oImg.className = "fail"; oBonus.parentNode.className = "fail"; }
// }
/* Determine if suggested requirements have been met and set image indicators accordingly */
var arrChars = [nAlphasOnly,nNumbersOnly,nRepChar,nConsecAlphaUC,nConsecAlphaLC,nConsecNumber,nSeqAlpha,nSeqNumber,nSeqSymbol];
var arrCharsIds = ["nAlphasOnly","nNumbersOnly","nRepChar","nConsecAlphaUC","nConsecAlphaLC","nConsecNumber","nSeqAlpha","nSeqNumber","nSeqSymbol"];
var arrCharsLen = arrChars.length;
// for (var c=0; c < arrCharsLen; c++) {
// var oImg = $('div_' + arrCharsIds[c]);
// var oBonus = $(arrCharsIds[c] + 'Bonus');
// $(arrCharsIds[c]).innerHTML = arrChars[c];
// if (arrChars[c] > 0) { oImg.className = "warn"; oBonus.parentNode.className = "warn"; }
// else { oImg.className = "pass"; oBonus.parentNode.className = "pass"; }
// }
/* Determine complexity based on overall score */
if (nScore > 100) { nScore = 100; } else if (nScore < 0) { nScore = 0; }
if (nScore >= 0 && nScore < 20) { sComplexity = "Very Weak"; }
else if (nScore >= 20 && nScore < 40) { sComplexity = "Weak"; }
else if (nScore >= 40 && nScore < 60) { sComplexity = "Good"; }
else if (nScore >= 60 && nScore < 80) { sComplexity = "Strong"; }
else if (nScore >= 80 && nScore <= 100) { sComplexity = "Very Strong"; }
/* Display updated score criteria to client */
oScorebar.style.backgroundPosition = "-" + parseInt(nScore * 4) + "px 0px";
oScore.innerHTML = nScore + "%";
// oComplexity.innerHTML = sComplexity;
}
else {
/* Display default score criteria to client */
initPwdChk();
oScore.innerHTML = nScore + "%";
// oComplexity.innerHTML = sComplexity;
}
}
function togPwdMask() {
var oPwd = $("passwordPwd");
var oTxt = $("passwordTxt");
var oMask = $("mask");
if (oMask.checked) {
oPwd.value = oTxt.value;
oPwd.className = "";
oTxt.className = "hide";
}
else {
oTxt.value = oPwd.value;
oPwd.className = "hide";
oTxt.className = "";
}
}
function initPwdChk(restart) {
/* Reset all form values to their default */
var arrZeros = ["nLength","nAlphaUC","nAlphaLC","nNumber","nSymbol","nMidChar","nRequirements","nAlphasOnly","nNumbersOnly","nRepChar","nConsecAlphaUC","nConsecAlphaLC","nConsecNumber","nSeqAlpha","nSeqNumber","nSeqSymbol","nLengthBonus","nAlphaUCBonus","nAlphaLCBonus","nNumberBonus","nSymbolBonus","nMidCharBonus","nRequirementsBonus","nAlphasOnlyBonus","nNumbersOnlyBonus","nRepCharBonus","nConsecAlphaUCBonus","nConsecAlphaLCBonus","nConsecNumberBonus","nSeqAlphaBonus","nSeqNumberBonus","nSeqSymbolBonus"];
var arrPassPars = ["nAlphasOnlyBonus","nNumbersOnlyBonus","nRepCharBonus","nConsecAlphaUCBonus","nConsecAlphaLCBonus","nConsecNumberBonus","nSeqAlphaBonus","nSeqNumberBonus","nSeqSymbolBonus"];
var arrPassDivs = ["div_nAlphasOnly","div_nNumbersOnly","div_nRepChar","div_nConsecAlphaUC","div_nConsecAlphaLC","div_nConsecNumber","div_nSeqAlpha","div_nSeqNumber","div_nSeqSymbol"];
var arrFailPars = ["nLengthBonus","nAlphaUCBonus","nAlphaLCBonus","nNumberBonus","nSymbolBonus","nMidCharBonus","nRequirementsBonus"];
var arrFailDivs = ["div_nLength","div_nAlphaUC","div_nAlphaLC","div_nNumber","div_nSymbol","div_nMidChar","div_nRequirements"];
// for (var i in arrZeros) { $(arrZeros[i]).innerHTML = "0"; }
// for (var i in arrPassPars) { $(arrPassPars[i]).parentNode.className = "pass"; }
// for (var i in arrPassDivs) { $(arrPassDivs[i]).className = "pass"; }
// for (var i in arrFailPars) { $(arrFailPars[i]).parentNode.className = "fail"; }
// for (var i in arrFailDivs) { $(arrFailDivs[i]).className = "fail"; }
// $("passwordPwd").value = "";
// $("passwordTxt").value = "";
$("scorebar").style.backgroundPosition = "0 0";
if (restart) {
$("passwordPwd").className = "";
$("passwordTxt").className = "hide";
$("mask").checked = true;
}
}
addLoadEvent(function() { initPwdChk(1); });
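Review bot: The file ends with `addLoadEvent(function() { initPwdChk(1); });`, and `initPwdChk(1)` dereferences `$("passwordPwd")`, `$("passwordTxt")` and `$("mask")`, none of which the index page hunks in this commit create; only `scorebarBorder`, `score` and `scorebar` are added, apparently inside the `if ($user != "")` branch. If that load handler runs it throws on a null element, and it may equally be replaced by the page's `<body onload="start();">`, so in neither case does it do anything useful. Dropping the `addLoadEvent(...)` call (chkPass already resets the bar through `initPwdChk()` on empty input) or guarding the restart branch with `if (restart && $("passwordPwd"))` would make the integration explicit. Separately, `typeof(elm == "string")` in `$()` is always truthy, so the type test never applies; `typeof elm == "string"` is what was meant. A short comment above `chkPass` stating that the percentage is a length and character-class heuristic, not an estimate of guessing resistance, would help anyone relying on it for the master key.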