author | wolfbeast <mcwerewolf@gmail.com> | 2018-04-18 14:05:21 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-04-18 14:05:21 +0200 |
commit | 1ef526f0f0ea664518789c5ab73ed9de140714ad (patch) | |
tree | a9a54cd23d9a4465e0181dd212809c17745c5af6 | |
parent | 8058e08926afc5ec6528d233cf8cc5f7404dad38 (diff) | |
Strengthen the use of the Master Password.
- Use 30k iterations instead of 1.
- Enforce minimum password length of 8 characters.
- Adjust strength meter accordingly.
This resolves #82.
-rw-r--r-- | security/nss/lib/softoken/sftkpwd.c | 4 | ||||
-rw-r--r-- | toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd | 2 | ||||
-rw-r--r-- | toolkit/mozapps/preferences/changemp.js | 12 | ||||
-rw-r--r-- | toolkit/mozapps/preferences/changemp.xul | 7 |
4 files changed, 16 insertions, 9 deletions
diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c
index e0d2df9ab..07b6922dc 100644
--- a/security/nss/lib/softoken/sftkpwd.c
+++ b/security/nss/lib/softoken/sftkpwd.c
@@ -273,7 +273,7 @@ sftkdb_EncryptAttribute(PLArenaPool *arena, SECItem *passKey,
 RNG_GenerateGlobalRandomBytes(saltData, cipherValue.salt.len);
 param = nsspkcs5_NewParam(cipherValue.alg, HASH_AlgSHA1, &cipherValue.salt,
- 1);
+ 30000);
 if (param == NULL) {
 rv = SECFailure;
 goto loser;
@@ -444,7 +444,7 @@ sftkdb_SignAttribute(PLArenaPool *arena, SECItem *passKey,
 RNG_GenerateGlobalRandomBytes(saltData, prfLength);
 /* initialize our pkcs5 parameter */
- param = nsspkcs5_NewParam(signValue.alg, HASH_AlgSHA1, &signValue.salt, 1);
+ param = nsspkcs5_NewParam(signValue.alg, HASH_AlgSHA1, &signValue.salt, 30000);
 if (param == NULL) {
 rv = SECFailure;
 goto loser;
diff --git a/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd b/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd
index 1cc7b9621..1b1d5ac55 100644
--- a/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd
+++ b/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd
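Review bot: The new iteration count is a bare `30000` in the `nsspkcs5_NewParam` call of the -273 hunk and again in the `sftkdb_SignAttribute` hunk at -444, so the two values can drift apart the next time the count is raised. A single named constant used in both calls would keep them in step, for example `#define SFTKDB_PBE_ITERATION_COUNT 30000` with the comment `/* PKCS #5 iteration count for newly written attributes; a higher count slows offline guessing of the master password */`. Both calls still pass `HASH_AlgSHA1`, which this change leaves as it was. Both function bodies start and end outside the hunks.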
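Review bot: Only the write side changes in the -444 hunk and in the -273 hunk before it, so values already stored with an iteration count of 1 presumably keep that strength until they are rewritten. If the decrypt and verify paths read the count from the stored record (not visible here), existing databases keep working but gain nothing until the master password is changed; if they assume a fixed count, old records would stop verifying. A short comment above this call saying which of the two holds would help, e.g. `/* count is stored with the value; existing records keep their original count until re-encrypted */` if the first is the case. The body of sftkdb_SignAttribute continues outside the hunk.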
@@ -9,5 +9,5 @@ <!ENTITY setPassword.reenterPassword.label "Re-enter password:"> <!ENTITY setPassword.meter.label "Password quality meter"> <!ENTITY setPassword.meter.loading "Loading"> -<!ENTITY masterPasswordDescription.label "A Master Password is used to protect sensitive information like site passwords. If you create a Master Password you will be asked to enter it once per session when &brandShortName; retrieves saved information protected by the password."> +<!ENTITY masterPasswordDescription.label "A Master Password is used to protect sensitive information like site passwords. If you create a Master Password you will be asked to enter it once per session when &brandShortName; retrieves saved information protected by the password. A master password must be 8 characters or longer; longer is better."> <!ENTITY masterPasswordWarning.label "Please make sure you remember the Master Password you have set. If you forget your Master Password, you will be unable to access any of the information protected by it."> diff --git a/toolkit/mozapps/preferences/changemp.js b/toolkit/mozapps/preferences/changemp.js index 82dd20128..71664b3e1 100644 --- a/toolkit/mozapps/preferences/changemp.js +++ b/toolkit/mozapps/preferences/changemp.js @@ -167,8 +167,8 @@ function setPasswordStrength() // length of the password var pwlength=(pw.length); - if (pwlength>5) - pwlength=5; + if (pwlength>10) + pwlength=10; // use of numbers in the password @@ -190,7 +190,7 @@ function setPasswordStrength() upper=3; - var pwstrength=((pwlength*10)-20) + (numeric*10) + (numsymbols*15) + (upper*10); + var pwstrength=((pwlength*5)-20) + (numeric*10) + (numsymbols*15) + (upper*10); // make sure we're give a value between 0 and 100 if ( pwstrength < 0 ) { @@ -227,6 +227,12 @@ function checkPasswords() } } + // Never accept short passwords < 8 chars + if (pw1.length < 8) { + ok.setAttribute("disabled", "true"); + return; + } + if (pw1 == pw2) { ok.setAttribute("disabled", "false"); } else 
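Review bot: The meter in setPasswordStrength() can still show a substantial score for a password shorter than 8 characters, which checkPasswords() now refuses. At 7 characters the length term in the -190 hunk is `(7*5)-20 = 15`, and the digit, symbol and upper-case terms are added on top unchanged. Forcing the score to zero below the minimum, e.g. `if (pw.length < 8) pwstrength = 0;` after the formula, would make the meter agree with the accept button. The same applies to the length cap in the -167 hunk, and the function body starts and ends outside both hunks.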
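Review bot: The 8-character minimum in the -227 hunk is enforced only by disabling the accept button in checkPasswords(). The code that actually sets the password is outside this hunk, and if it does not repeat the length test, any path that reaches it without this `oninput` handler having run skips the minimum. Repeating the same `length < 8` test at the top of the function that handles the accept button would close that gap. The literal `8` is also stated in the DTD description string, so a named constant with a comment pointing at that string would keep the two aligned. checkPasswords() starts and ends outside the hunk.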
diff --git a/toolkit/mozapps/preferences/changemp.xul b/toolkit/mozapps/preferences/changemp.xul index 14d02295e..b316fa42b 100644 --- a/toolkit/mozapps/preferences/changemp.xul +++ b/toolkit/mozapps/preferences/changemp.xul @@ -34,7 +34,7 @@ <rows> <row> <label control="oldpw">&setPassword.oldPassword.label;</label> - <textbox id="oldpw" type="password"/> + <textbox id="oldpw" type="password" size="18"/> <!-- This textbox is inserted as a workaround to the fact that making the 'type' & 'disabled' property of the 'oldpw' textbox toggle between ['password' & 'false'] and ['text' & 'true'] - as would be necessary if the menu has more @@ -46,12 +46,13 @@ </row> <row> <label control="pw1">&setPassword.newPassword.label;</label> - <textbox id="pw1" type="password" + <textbox id="pw1" type="password" size="18" oninput="setPasswordStrength(); checkPasswords();"/> </row> <row> <label control="pw2">&setPassword.reenterPassword.label;</label> - <textbox id="pw2" type="password" oninput="checkPasswords();"/> + <textbox id="pw2" type="password" size="18" + oninput="checkPasswords();"/> </row> </rows> </grid> |