Conversion to Digest::SHA
[CGIscriptor.git] / Private / ChangePassword.html
blob8b4c58e5f261ba256f99d83cd1824dd2f1e74abc
1 <html>
2 <head>
3 <title>Change Password</title>
4 <SCRIPT TYPE="text/ssperl" CGI='$LOGINTICKET $REMOTE_ADDR $LOGINUSERNAME $LOGINIPADDRESS $LOGINPATH'>
5 ::create_login_file("~/Private/.Passwords", "~/Private/.Sessions", $REMOTE_ADDR);
6 "";
7 </SCRIPT>
8 <SCRIPT type="text/javascript" LANGUAGE="JavaScript">
9 <SCRIPT TYPE="text/ssperl" SRC="./JavaScript/ChangePasswordPage.js"></SCRIPT>
10 </script>
12 </head>
13 <body>
14 <p>
15 <table width='100%'><tr>
16 <td style='text-align: left'><a href="/index.html">Home</a></td>
17 <td style='text-align: right'><a href="?LOGOUT">Logout</a></td>
18 </tr></table>
19 </p>
20 <p ALIGN=RIGHT><a href="index.html">Private Home page</a><br />
21 <a href="CreateUser.html">Create New User Account</a></p>
22 <h1 align=CENTER>Change the password for user <em><script type="text/ssperl" CGI='$LOGINUSERNAME=""'>$LOGINUSERNAME</script></em></h1>
23 <p>
24 <form method="POST" action="index.html" id="LoginForm"
25 onSubmit='ChangePasswordSubmit ()'>
26 <div style="margin-left: 30%; margin-right: 30%; text-align: left">
27 <table>
28 <tr>
29 <td style="text-align: right">Old Password:</td>
30 <td style="text-align: left"><input type="PASSWORD" name="PASSWORD" id="PASSWORD" size="60" /></td>
31 </tr>
32 <tr>
33 <td style="text-align: right">New Password:</td>
34 <td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORD" id="NEWPASSWORD" size="60" />
35 </td>
36 </tr>
37 <tr>
38 <td style="text-align: right">Repeat:</td>
39 <td style="text-align: left"><input type="PASSWORD" name="NEWPASSWORDREP" id="NEWPASSWORDREP" size="60" onChange="check_password_fields();"/></td>
40 </tr>
41 <tr>
42 <td></td>
43 <td style="text-align: left"><input type="submit" id="SUBMIT" value="Change" style="color: Gray" />
44 <input type="button" id="revealpassword" value="Show Passwords" onClick="this.value=togglePasswords('Hide', 'Show', this.value);true" />
45 </td>
46 </tr>
47 </table>
48 <input type="hidden" name="CGIUSERNAME" id="CGIUSERNAME" size="20" value=<SCRIPT type="text/ssperl">$LOGINUSERNAME</SCRIPT> />
49 <input type="hidden" name="LOGINTICKET" id="LOGINTICKET" value="--" />
50 </div>
51 </form>
52 </p>
53 <h2 align=CENTER>Strong Passwords: It is so easy</h2>
54 <h3 align=CENTER>If you only could see what you are typing</h3>
56 <p style="margin-left: 20%; margin-right: 20%; text-align: center">
57 <a href="http://xkcd.com/936/" target="_blank"><img src="http://imgs.xkcd.com/comics/password_strength.png" width="60%" /></a>
58 </p>
59 <p style="margin-left: 30%; margin-right: 30%; text-align: center">
60 <font style="font-size: small">
61 <em>
62 Note: For the procedures used at this site, a basic computer setup can check a billion passwords per second. You need
63 a password (or phrase) strength in the order of 56 bits to be a little secure (one year on a single computer). One of
64 the largest network in the world, Bitcoin mining, can check some 12 terahashes per second (June 2012). This
65 corresponds to checking 6 times 10<sup>12</sup> passwords per second.
66 It would take a passwords strength of ~68 bits to keep the equivalent of
67 the Bitcoin computer network occupied for around a year before it found
68 a match.<br />
69 An example whould be the phrase '</em>Sherlock investigates oleander curry in Bath<em>'.
70 </em>
71 </font>
72 </p>
73 <p style="margin-left: 30%; margin-right: 30%; text-align: justify">
74 Your password might be vulnerable to <a href=
75 "https://en.wikipedia.org/wiki/Brute_force_attack"><em>brute force
76 </em></a> guessing. Protections against such attacks are costly in
77 terms of code complexity, bugs, and execution time.<br /> However,
78 there is a very simple and secure counter measure. See the <a href=
79 "http://xkcd.com/936/" target="_blank">XKCD comic</a> above. The
80 phrase, <em>There is no password like more password</em> would be
81 both much easier to remember, and still stronger than <em>h4]D%@m:49
82 </em>, at least before this phrase was pasted as an example on the
83 Internet.<br /> Please be so kind and add the name of your favorite
84 flower, dish, fictional character, or small town to your password.
85 Say, <em>Oleander</em>, <em>Curry</em>, <em>Sherlock</em>, or <em>Bath</em>,
86 UK (each adds ~12 bits) or even the phrase <em>Sherlock investigates
87 oleander curry in Bath</em> (adds &gt; 56 bits, note that oleander is
88 <em>poisonous</em>, so do not try this curry at home). That would be
89 more effective than adding a thousand rounds of encryption. Typing
90 long passwords without seeing what you are typing is problematic. So
91 a button should be included to make password visible.
92 </p>
93 <p>
94 <hr>
95 </p>
96 <p>
97 The Salt and Ticket values are all created using SHA256 on 64 Byte of output from <em>/dev/urandom</em> in HEX.
98 </p>
99 <FONT STYLE="font-size:small">
100 <p> Example Login page for CGIscriptor.pl<br />
101 Copyright &copy; 2012 R.J.J.H. van Son<br />
102 This program is free software: you can redistribute it and/or modify
103 it under the terms of the GNU General Public License as published by
104 the Free Software Foundation, either version 3 of the License, or
105 (at your option) any later version.
106 This program is distributed in the hope that it will be useful,
107 but WITHOUT ANY WARRANTY; without even the implied warranty of
108 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
109 GNU General Public License for more details.<br />
110 You should have received a copy of the GNU General Public License
111 along with this program. If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.
112 </p>
113 <p> A JavaScript implementation of the SHA family of hashes, as defined in FIPS
114 PUB 180-2 as well as the corresponding HMAC implementation as defined in
115 FIPS PUB 198a<br />
116 Version 1.3 Copyright Brian Turek 2008-2010
117 Distributed under the BSD License<br />
118 See <a href="http://jssha.sourceforge.net/">http://jssha.sourceforge.net/</a> for more information<br />
119 Several functions taken from Paul Johnson
120 </p>
121 </FONT>
123 </body>
124 </html>