Create new user account

 New user account settings
New Username:
New Password:
Repeat Password:
Account Settings
Allowed Paths:
Allowed IP addresses:
Session type:

Strong Passwords: It is so easy

If you only could see what you are typing

Note: For the procedures used at this site, a basic computer setup can check a billion passwords per second. You need a password (or phrase) strength on the order of 56 bits to be a little secure (one year on a single computer). One of the largest networks in the world, Bitcoin mining, can check some 12 terahashes per second (June 2012). This corresponds to checking 6 times 10^12 passwords per second. It would take a password strength of ~68 bits to keep the equivalent of the Bitcoin computer network occupied for around a year before it found a match.
An example would be the phrase 'Sherlock investigates oleander curry in Bath'.

Your password might be vulnerable to brute force guessing. Protections against such attacks are costly in terms of code complexity, bugs, and execution time.
However, there is a very simple and secure countermeasure. See the XKCD comic above. The phrase 'There is no password like more password' would be both much easier to remember and still stronger than h4]D%@m:49, at least before this phrase was pasted as an example on the Internet.
Please be so kind and add the name of your favorite flower, dish, fictional character, or small town to your password. Say, Oleander, Curry, Sherlock, or Bath, UK (each adds ~12 bits), or even the phrase 'Sherlock investigates oleander curry in Bath' (adds > 56 bits; note that oleander is poisonous, so do not try this curry at home). That would be more effective than adding a thousand rounds of encryption. Typing long passwords without seeing what you are typing is problematic, so a button should be included to make the password visible.
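
The 56-bit and 68-bit figures in the note, and the ~12 bits per added word, can be re-derived from the quoted guess rates. This is an added example, not part of the original page or of CGIscriptor; it assumes a 365.25-day year, that a search succeeds on average after half the candidates, and a 4096-entry word list (2^12) to stand for "~12 bits".

```javascript
// Added example: re-derives the strength figures quoted in the note above.
// Assumptions (not from the page): a year is 365.25 days, and a search
// finds the password on average after trying half of the 2^bits candidates.
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;

// Guess rates quoted in the note.
const SINGLE_COMPUTER = 1e9;   // "a billion passwords per second"
const BITCOIN_NETWORK = 6e12;  // "6 times 10^12 passwords per second"

// Expected time, in years, to hit a password of the given strength.
function expectedYears(bits, guessesPerSecond) {
  return Math.pow(2, bits - 1) / guessesPerSecond / SECONDS_PER_YEAR;
}

// Strength, in bits, needed so the expected search lasts `years`.
function bitsToResist(years, guessesPerSecond) {
  return Math.log2(guessesPerSecond * years * SECONDS_PER_YEAR) + 1;
}

// Bits contributed by `count` items, each picked uniformly at random and
// independently from a list of `listSize` equally likely choices.
function phraseBits(count, listSize) {
  return count * Math.log2(listSize);
}

// Number of such random picks needed to reach a target strength.
function wordsNeeded(targetBits, listSize) {
  return Math.ceil(targetBits / Math.log2(listSize));
}

// "~12 bits" per added word corresponds to a list of 2^12 = 4096 choices
// (the list size is an assumption; the page only gives the bit count).
const LIST_SIZE = 4096;

// One row per attacker: bits needed for a one-year expected search, and
// how many random 12-bit words reach that strength.
function report() {
  return [
    ['single computer', SINGLE_COMPUTER],
    ['Bitcoin network (June 2012)', BITCOIN_NETWORK],
  ].map(([name, rate]) => {
    const bits = bitsToResist(1, rate);
    return { name, bitsForOneYear: Number(bits.toFixed(1)), words: wordsNeeded(bits, LIST_SIZE) };
  });
}

console.log(report());
```

The per-word figure holds only when each word is picked at random from the list; a word an attacker can guess from what they know about you contributes fewer bits.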

The Salt and Ticket values are all created using SHA256 on 64 bytes of output from /dev/urandom in HEX.

Example Login page for CGIscriptor.pl
Copyright © 2012 R.J.J.H. van Son
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

A JavaScript implementation of the SHA family of hashes, as defined in FIPS PUB 180-2 as well as the corresponding HMAC implementation as defined in FIPS PUB 198a
Version 1.3 Copyright Brian Turek 2008-2010 Distributed under the BSD License
See http://jssha.sourceforge.net/ for more information
Several functions taken from Paul Johnson