Create New User Account
Note: For the procedures used at this site, a basic computer setup can check a billion passwords per second. You need a password (or phrase) strength on the order of 56 bits to be a little secure (one year on a single computer). One of the largest networks in the world, Bitcoin mining, can check some 12 terahashes per second (June 2012). This corresponds to checking 6 times 10^12 passwords per second.
It would take a password strength of ~68 bits to keep the equivalent of the Bitcoin computer network occupied for around a year before it found a match.
An example would be the phrase 'Sherlock investigates oleander curry in Bath'.
Your password might be vulnerable to brute force guessing. Protections against such attacks are costly in terms of code complexity, bugs, and execution time. However, there is a very simple and secure countermeasure. See the XKCD comic above. The phrase 'There is no password like more password' would be both much easier to remember, and still stronger than 'h4]D%@m:49', at least before this phrase was pasted as an example on the Internet.
Please be so kind and add the name of your favorite flower, dish, fictional character, or small town to your password. Say, Oleander, Curry, Sherlock, or Bath, UK (each adds ~12 bits) or even the phrase 'Sherlock investigates oleander curry in Bath' (adds > 56 bits; note that oleander is poisonous, so do not try this curry at home). That would be more effective than adding a thousand rounds of encryption. Typing long passwords without seeing what you are typing is problematic, so a button should be included to make the password visible.
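The arithmetic behind the figures in the note and the advice above, as an added example that is not part of the original page. It uses the page's guess rates and its ~12 bits per added word, and assumes every candidate is equally likely so a match turns up after half the search space on average; the function names are hypothetical.

```javascript
// Added example: work-factor arithmetic for the figures quoted on this page.
// Rates and the ~12 bits per word are the page's; function names are hypothetical.
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;

const SINGLE_COMPUTER = 1e9;   // guesses per second (page's figure)
const BITCOIN_NETWORK = 6e12;  // guesses per second (page's figure, June 2012)
const BITS_PER_WORD = 12;      // page's estimate for one added word

// Years needed to try every candidate in a 2^bits search space.
function yearsToExhaust(bits, guessesPerSecond) {
  return Math.pow(2, bits) / guessesPerSecond / SECONDS_PER_YEAR;
}

// Assumption: a uniformly chosen secret is found, on average,
// after half of the search space has been tried.
function yearsExpected(bits, guessesPerSecond) {
  return yearsToExhaust(bits, guessesPerSecond) / 2;
}

// Strength (in bits, fractional) at which the expected search takes `years`.
function bitsNeeded(guessesPerSecond, years) {
  return Math.log2(2 * guessesPerSecond * years * SECONDS_PER_YEAR);
}

// Strength gained by appending `words` independently chosen words.
function addedBits(words, bitsPerWord = BITS_PER_WORD) {
  return words * bitsPerWord;
}

// Compare a 56-bit password with the same password plus one extra word.
function report() {
  const rows = [];
  const attackers = [["single computer", SINGLE_COMPUTER],
                     ["Bitcoin network", BITCOIN_NETWORK]];
  for (const [attacker, rate] of attackers) {
    for (const bits of [56, 56 + addedBits(1)]) {
      rows.push({ attacker, bits, expectedYears: yearsExpected(bits, rate) });
    }
  }
  return rows;
}

console.table(report());
```

One added word (~12 bits) multiplies the search by 4096, which is roughly the gap between the single computer and the Bitcoin network rates quoted above.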
The Salt and Ticket values are all created using SHA256 on 64 bytes of output from /dev/urandom, in HEX.
Example Login page for CGIscriptor.pl
Copyright © 2012 R.J.J.H. van Son
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see http://www.gnu.org/licenses/.
A JavaScript implementation of the SHA family of hashes, as defined in FIPS
PUB 180-2 as well as the corresponding HMAC implementation as defined in
FIPS PUB 198a
Version 1.3 Copyright Brian Turek 2008-2010
Distributed under the BSD License
See http://jssha.sourceforge.net/ for more information
Several functions taken from Paul Johnson