authorwolfbeast <mcwerewolf@gmail.com>2018-04-18 14:05:21 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-18 14:05:21 +0200
commit1ef526f0f0ea664518789c5ab73ed9de140714ad (patch)
treea9a54cd23d9a4465e0181dd212809c17745c5af6
parent8058e08926afc5ec6528d233cf8cc5f7404dad38 (diff)
Strengthen the use of the Master Password.
- Use 30k iterations instead of 1. - Enforce minimum password length of 8 characters. - Adjust strength meter accordingly. This resolves #82.
-rw-r--r--security/nss/lib/softoken/sftkpwd.c4
-rw-r--r--toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd2
-rw-r--r--toolkit/mozapps/preferences/changemp.js12
-rw-r--r--toolkit/mozapps/preferences/changemp.xul7
4 files changed, 16 insertions, 9 deletions
diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c
index e0d2df9ab..07b6922dc 100644
--- a/security/nss/lib/softoken/sftkpwd.c
+++ b/security/nss/lib/softoken/sftkpwd.c
@@ -273,7 +273,7 @@ sftkdb_EncryptAttribute(PLArenaPool *arena, SECItem *passKey,
RNG_GenerateGlobalRandomBytes(saltData, cipherValue.salt.len);
param = nsspkcs5_NewParam(cipherValue.alg, HASH_AlgSHA1, &cipherValue.salt,
- 1);
+ 30000);
if (param == NULL) {
rv = SECFailure;
goto loser;
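Review bot: The new iteration count is a bare literal `30000` in this `nsspkcs5_NewParam` call and again in the `sftkdb_SignAttribute` hunk below, so the two values can drift apart the next time the count is raised. A single named constant used at both call sites would prevent that, for example `#define SFTKDB_PBE_ITERATIONS 30000` (the name is only a suggestion), with a comment giving the rationale for the value. The PRF argument stays `HASH_AlgSHA1`, and entries already stored with a count of 1 are presumably not re-derived until they are rewritten; both facts are worth stating in that comment. Both functions continue outside their hunks.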
@@ -444,7 +444,7 @@ sftkdb_SignAttribute(PLArenaPool *arena, SECItem *passKey,
RNG_GenerateGlobalRandomBytes(saltData, prfLength);
/* initialize our pkcs5 parameter */
- param = nsspkcs5_NewParam(signValue.alg, HASH_AlgSHA1, &signValue.salt, 1);
+ param = nsspkcs5_NewParam(signValue.alg, HASH_AlgSHA1, &signValue.salt, 30000);
if (param == NULL) {
rv = SECFailure;
goto loser;
diff --git a/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd b/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd
index 1cc7b9621..1b1d5ac55 100644
--- a/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd
+++ b/toolkit/locales/en-US/chrome/mozapps/preferences/changemp.dtd
@@ -9,5 +9,5 @@
<!ENTITY setPassword.reenterPassword.label "Re-enter password:">
<!ENTITY setPassword.meter.label "Password quality meter">
<!ENTITY setPassword.meter.loading "Loading">
-<!ENTITY masterPasswordDescription.label "A Master Password is used to protect sensitive information like site passwords. If you create a Master Password you will be asked to enter it once per session when &brandShortName; retrieves saved information protected by the password.">
+<!ENTITY masterPasswordDescription.label "A Master Password is used to protect sensitive information like site passwords. If you create a Master Password you will be asked to enter it once per session when &brandShortName; retrieves saved information protected by the password. A master password must be 8 characters or longer; longer is better.">
<!ENTITY masterPasswordWarning.label "Please make sure you remember the Master Password you have set. If you forget your Master Password, you will be unable to access any of the information protected by it.">
diff --git a/toolkit/mozapps/preferences/changemp.js b/toolkit/mozapps/preferences/changemp.js
index 82dd20128..71664b3e1 100644
--- a/toolkit/mozapps/preferences/changemp.js
+++ b/toolkit/mozapps/preferences/changemp.js
@@ -167,8 +167,8 @@ function setPasswordStrength()
// length of the password
var pwlength=(pw.length);
- if (pwlength>5)
- pwlength=5;
+ if (pwlength>10)
+ pwlength=10;
// use of numbers in the password
@@ -190,7 +190,7 @@ function setPasswordStrength()
upper=3;
- var pwstrength=((pwlength*10)-20) + (numeric*10) + (numsymbols*15) + (upper*10);
+ var pwstrength=((pwlength*5)-20) + (numeric*10) + (numsymbols*15) + (upper*10);
// make sure we're give a value between 0 and 100
if ( pwstrength < 0 ) {
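Review bot: The meter can still report a high score for a password that `checkPasswords` now refuses, because the length term `(pwlength*5)-20` is only one summand and the digit, symbol and upper-case terms do not depend on length. Assuming the other counters are capped at 3 like `upper`, a 7-character password can still reach 100. Zeroing the score below the minimum, before the range clamp, would keep the meter and the accept button consistent: `if (pw.length < 8) pwstrength = 0;`. setPasswordStrength starts and ends outside the hunk.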
@@ -227,6 +227,12 @@ function checkPasswords()
}
}
+ // Never accept short passwords < 8 chars
+ if (pw1.length < 8) {
+ ok.setAttribute("disabled", "true");
+ return;
+ }
+
if (pw1 == pw2) {
ok.setAttribute("disabled", "false");
} else
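Review bot: The 8-character minimum is enforced only by disabling the accept button in this dialog, so nothing in the hunk stops a caller that reaches the password-setting code another way. The function that actually commits the new password (not visible here) should repeat the `pw1.length < 8` test before changing the token. The literal `8` is also repeated in the changemp.dtd description string, so a shared constant such as `const MIN_MASTER_PW_LENGTH = 8;` (suggested name) with a comment pointing at that string would make the rule easier to keep in sync. If this dialog is also used with an empty new password to clear an existing Master Password, that path is now blocked as well; confirm that is intended. checkPasswords starts and ends outside the hunk.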
diff --git a/toolkit/mozapps/preferences/changemp.xul b/toolkit/mozapps/preferences/changemp.xul
index 14d02295e..b316fa42b 100644
--- a/toolkit/mozapps/preferences/changemp.xul
+++ b/toolkit/mozapps/preferences/changemp.xul
@@ -34,7 +34,7 @@
<rows>
<row>
<label control="oldpw">&setPassword.oldPassword.label;</label>
- <textbox id="oldpw" type="password"/>
+ <textbox id="oldpw" type="password" size="18"/>
<!-- This textbox is inserted as a workaround to the fact that making the 'type'
& 'disabled' property of the 'oldpw' textbox toggle between ['password' &
'false'] and ['text' & 'true'] - as would be necessary if the menu has more
@@ -46,12 +46,13 @@
</row>
<row>
<label control="pw1">&setPassword.newPassword.label;</label>
- <textbox id="pw1" type="password"
+ <textbox id="pw1" type="password" size="18"
oninput="setPasswordStrength(); checkPasswords();"/>
</row>
<row>
<label control="pw2">&setPassword.reenterPassword.label;</label>
- <textbox id="pw2" type="password" oninput="checkPasswords();"/>
+ <textbox id="pw2" type="password" size="18"
+ oninput="checkPasswords();"/>
</row>
</rows>
</grid>