File: C:/usr/local/lib/php/blueshoes-4.2/core/auth/Bs_Password.class.php
BlueShoes Application Framework - auth

Bs_Password

Bs_Object
   +-- Bs_Password

public class Bs_Password extends Bs_Object

Password class.
features:
- generate pronounceable passwords
- detect bad passwords on different levels
- detect hack attacks

missing:

wish list:

KNOWLEDGE BASE

Should users be able to choose their own password? If so, they usually choose weak things. If you give them something like F4@!ad0T$ they will write it on a paper and stick it on the monitor.

Announcing the Standard for Automated Password Generator
http://www.eff.org/Privacy/Newin/New_nist/fips181.txt

Creating passwords using the '4th-order Markov chain', see
message   http://www.phpbuilder.com/annotate/message.php3?id=1005436
follow up http://www.phpbuilder.com/annotate/message.php3?id=1006236
follow up http://www.phpbuilder.com/annotate/message.php3?id=1007044

*** how to make your system secure: *************************************************************************************

1) Don't allow brute force attacks. Limit the number of login attempts or double the timeout time (see below).
2) Don't let people choose stupid passwords. Stupid passwords are:
   - the most common and well-known passwords (like 1234, password, letmein, hello etc.)
   - names (first names)
   - birthday dates (dates at all)
   - things that lie around the computer
   - dictionary words
   - dictionary words with attached numbers, e.g. 'computer98'
   But as long as you stop brute force, this is not the weak point.
3) Log all login attempts.
4) Block IPs and usernames after too many wrong login attempts. The real users need to email/call to reactivate.
5) Maybe use (German) 'Streichlisten' (lists of numbers; the next number has to be typed in along with user/pass each time).
6) Don't make usernames public. If the password AND the username have to be guessed, then it's much more frustrating for a hack. Don't use well-known usernames like 'root', 'admin', 'guest'.
7) Never ever allow username and password to be equal.

*** number of login attempts: *******************************************************************************************

Sam and Andrej think it's a bad and common thing to allow 3 login attempts. It's not enough, because the first time the password is typed in, one does it not carefully at all. Then it's wrong. Now one thinks that he misspelled it, so one types it again, more or less carefully. Wrong again, yuck, panic. Now one goes (I have done that myself a lot of times) and types it with 1 finger, letter by letter. And this is where you mostly misspell it anyway. So the 3 attempts are gone, and the user didn't even try another password, or think about whether he has changed it lately, or whatever.

Limiting the user attempts isn't too bad. Brute force attacks have to be blocked, that's for sure. But the chance/risk that an attacker finds out the password in 10 attempts compared to 3 attempts isn't much bigger.

Our favorite way is the Unix one: double the timeout time each time a wrong password has been entered, and reset it when the password was OK. This has been implemented in the Bs_Session class.

I think that logging all login attempts (with datetime, user/pass, IP etc.) is a very good idea. The Bs_Session class has a few more neat features, for example hacker detection (if things like letmein, root, password etc. are tried).

*** the security of passwords: ******************************************************************************************

David Altherr has made a nice list of how long it takes to brute-force what sort of password.
See http://www.phpbuilder.com/annotate/message.php3?id=1006410

  Some 'max time to crack' probabilities I calculated based on the assumption of an 8-char password and the estimation that we can brute force about a million possibilities a second (a very low estimation considering current technologies have been clocked at 2,676,400/sec); you can adjust figures linearly as desired:

  +----------+------------+----------+------------------------------------------------------------------------------------+
  | EXAMPLES | OPERATIONS | TIME     | DESCRIPTION                                                                        |
  +----------+------------+----------+------------------------------------------------------------------------------------+
  | abababab | 4.14E8     | 3.45 min | the alternating vowel and consonant solution as written with lower case characters |
  +----------+------------+----------+------------------------------------------------------------------------------------+
  | abababab | 8.28E8     | 6.91 min | the alternating vowel and consonant solution as written with lower case characters |
  | babababa |            |          | and random starting vowel or character                                             |
  +----------+------------+----------+------------------------------------------------------------------------------------+
  | ?        | 5.30E10    | 14.74 h  | the alternating solution but with numbers and lower case characters                |
  +----------+------------+----------+------------------------------------------------------------------------------------+
  | 3bA0aBA9 | 1.46E12    | 16.95 d  | the alternating solution but with numbers and characters, lower and upper case     |
  +----------+------------+----------+------------------------------------------------------------------------------------+
  | a0bc3z2a | 2.82E12    | 32.65 d  | a totally random alphanumeric solution with only lower case                        |
  +----------+------------+----------+------------------------------------------------------------------------------------+
  | A0bc3Z2a | 2.18E14    | 6.92 y   | a totally random alphanumeric solution                                             |
  +----------+------------+----------+------------------------------------------------------------------------------------+

  cracking 'dictionary-word' passwords:

  Assuming a dataset of 100,000 words from the dictionary with length of seven or less, two words joined:
  1.00E10 operations, 2.77 hours

  Assuming a dataset of 50,000 words from the dictionary with length of six or less, three words joined:
  1.25E14 operations, 3.96 years

comments: over the web it will never be possible to brute-force at that speed. --andrej

*************************************************************************************************************************

dependencies:
Authors:
Version:   4.0.$id$
Copyright: blueshoes.org
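The seven steps under "how to make your system secure" and the doubling-timeout scheme from "number of login attempts" above, worked through as an added example. This is not the Bs_Session or Bs_Password code: the class name, the limits, and the decision to log the username and IP but not the attempted password (failed attempts are very often the real password with a typo, so a log that stores them becomes a secret store) are assumptions of this example.

```php
<?php
// Added example, not BlueShoes code. In-memory model of the login throttle
// described in the knowledge base: per (username, IP) it keeps a failure
// count and a "not before" timestamp. Every wrong password doubles the wait,
// a correct one resets it (the "Unix way"), and after $maxFailures the pair
// is blocked until an operator reactivates it (step 4). Requires PHP 8.

class LoginThrottle
{
    private array $state = [];   // key => ['fails' => int, 'notBefore' => int, 'blocked' => bool]
    private array $log   = [];   // login attempt log (step 3)

    public function __construct(
        private int $baseDelay = 1,      // seconds to wait after the first failure
        private int $maxFailures = 10,   // hard block after this many failures (step 4)
        private int $maxDelay = 3600     // cap so the doubled delay stays sane
    ) {}

    private function key(string $user, string $ip): string
    {
        return strtolower($user) . '@' . $ip;
    }

    // Step 1/4: may this user/IP pair attempt a login at time $now?
    public function allowed(string $user, string $ip, int $now): bool
    {
        $s = $this->state[$this->key($user, $ip)] ?? null;
        if ($s === null) {
            return true;
        }
        if ($s['blocked']) {
            return false;
        }
        return $now >= $s['notBefore'];
    }

    // Records the outcome of an attempt. The attempted password is
    // deliberately NOT written to the log (assumption of this example).
    public function record(string $user, string $ip, bool $ok, int $now): void
    {
        $k = $this->key($user, $ip);
        $this->log[] = ['time' => $now, 'user' => $user, 'ip' => $ip, 'ok' => $ok];
        if ($ok) {
            unset($this->state[$k]);     // reset the timeout on success
            return;
        }
        $s = $this->state[$k] ?? ['fails' => 0, 'notBefore' => 0, 'blocked' => false];
        $s['fails']++;
        // 1, 2, 4, 8, ... seconds: "double the timeout time" on each failure
        $delay = min($this->maxDelay, $this->baseDelay * 2 ** min($s['fails'] - 1, 30));
        $s['notBefore'] = $now + $delay;
        $s['blocked']   = $s['fails'] >= $this->maxFailures;
        $this->state[$k] = $s;
    }

    public function log(): array
    {
        return $this->log;
    }
}

// Step 7: never accept a password equal to the username (case-insensitive).
function credentialsAcceptable(string $user, string $password): bool
{
    return strcasecmp($user, $password) !== 0;
}

// Demo with a constructed credential store and attempt sequence. Real code
// would store password_hash() output and check it with password_verify().
$users = ['alice' => 'correct horse'];
$t = new LoginThrottle(baseDelay: 1, maxFailures: 5);
$now = 1000;
foreach (['wrong1', 'wrong2', 'wrong3', 'correct horse'] as $i => $pw) {
    $now += 1;                                   // the client retries every second
    if (!$t->allowed('alice', '203.0.113.7', $now)) {
        echo "t=$now  attempt $i refused (back off)\n";
        continue;
    }
    $ok = credentialsAcceptable('alice', $pw) && hash_equals($users['alice'], $pw);
    $t->record('alice', '203.0.113.7', $ok, $now);
    echo "t=$now  attempt $i " . ($ok ? 'OK' : 'FAILED') . "\n";
}
```

With the constructed sequence the first two failures are accepted (waits of 1 s and then 2 s), the third attempt one second later is refused without the password ever being checked, and the correct password at t=1004 succeeds and clears the state. The log keeps time, user, IP and outcome, which is enough for the hacker-detection pass the text mentions without retaining anything a later attacker could use.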
Methods inherited from Bs_Object
isex, isexception, tostring, tohtml, persist, unpersist, bs_object, bbsetoutput, bbawake, bbisawake, bbxmsg, bbxfunctionstart, bbxfunctionend, bbxecho, bbxvar, bbxvardump, bbforcetrace, bbbufferstart, bbbufferget, bbbufferendflush, bbbufferendclean

Private Field Summary
object [unknown] $_bsDb    reference to the global db object.

Public Method Details |
createPronounceablePassword

public string createPronounceablePassword( [ integer $length, string $charType, string $confuseSafe, string $startWith ] )

Creates a pronounceable password.

The thing that makes (pass)words pronounceable is the alternation of vowels and consonants.

param $charType: 3 characters.
The 1st one describes the case of the letters:
- 'l' = lowercase (default)
- 'u' = uppercase
- 'b' = both
The 2nd tells if numbers should be used (n = no, y = yes).
The 3rd tells if special chars should be used (n = no, y = yes).

examples:
- ofenisep - xejoyami
- aqijuday - vurofopi
- pisifeqa - uvixasug

note: there's always the risk that an inappropriate word (or part of it) is being created. So maybe you want to let people know that the password was generated randomly (using random letters) and not chosen from a list of words.

acknowledgment: Tomas Krojzl xkrot05@centrum.cz
http://www.phpbuilder.com/annotate/message.php3?id=1000827

Parameters:
  integer $length      = 8         the length of the generated password. default is 8.
  string  $charType    = 'lnn'     default is 'lnn', see above.
  string  $confuseSafe = FALSE     default is FALSE. if set to TRUE, the characters i/I, l/L, o/O, 1 (one) and 0 (zero) won't be used. (A boolean flag, despite the string type in the signature.)
  string  $startWith   = 'random'  one of 'random' (default), 'vowel', 'consonant'. the first letter will be that.

Returns: string
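A generator built on the same idea as createPronounceablePassword() (alternate consonants and vowels, the three-character $charType, the $confuseSafe and $startWith options), as an added example. It is not the BlueShoes implementation: the parameter names mirror the documentation above, but the pools, the way digits and specials are mixed in, and the use of random_int() for a CSPRNG source are assumptions of this example. Requires PHP 8.

```php
<?php
// Added example, not the BlueShoes implementation.
function pronounceablePassword(
    int $length = 8,
    string $charType = 'lnn',
    bool $confuseSafe = false,
    string $startWith = 'random'
): string {
    if ($length < 1) {
        throw new InvalidArgumentException('length must be >= 1');
    }
    if (!preg_match('/^[lub][ny][ny]$/', $charType)) {
        throw new InvalidArgumentException("bad charType '$charType', expected e.g. 'lnn'");
    }
    [$case, $useDigits, $useSpecial] = str_split($charType);

    $vowels     = 'aeiou';
    $consonants = 'bcdfghjklmnpqrstvwxyz';
    $digits     = '0123456789';
    $special    = '!#$%&*+-=?@';   // assumed special-char pool

    if ($confuseSafe) {
        // drop i/I, l/L, o/O, 1 and 0 as documented; the upper-case forms
        // never appear because they are derived from these lower-case pools
        $vowels     = str_replace(['i', 'o'], '', $vowels);
        $consonants = str_replace('l', '', $consonants);
        $digits     = str_replace(['0', '1'], '', $digits);
    }

    // pick one character from a pool with the case rule of $charType[0]
    $pick = function (string $pool) use ($case): string {
        $c = $pool[random_int(0, strlen($pool) - 1)];
        if ($case === 'u') {
            return strtoupper($c);
        }
        if ($case === 'b') {
            return random_int(0, 1) ? strtoupper($c) : $c;
        }
        return $c;
    };

    $vowelNext = match ($startWith) {
        'vowel'     => true,
        'consonant' => false,
        'random'    => (bool) random_int(0, 1),
        default     => throw new InvalidArgumentException("bad startWith '$startWith'"),
    };

    // the core: strictly alternate vowels and consonants
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $pick($vowelNext ? $vowels : $consonants);
        $vowelNext = !$vowelNext;
    }

    // Digits/specials overwrite one letter per ~4 characters at random
    // positions, so the result stays mostly pronounceable (assumption).
    $extras = '';
    if ($useDigits === 'y') {
        $extras .= $digits;
    }
    if ($useSpecial === 'y') {
        $extras .= $special;
    }
    if ($extras !== '') {
        $slots = max(1, intdiv($length, 4));
        for ($i = 0; $i < $slots; $i++) {
            $pos = random_int(0, $length - 1);
            $out[$pos] = $extras[random_int(0, strlen($extras) - 1)];
        }
    }
    return $out;
}

foreach (['lnn', 'bnn', 'lyn', 'byy'] as $type) {
    printf("%-4s %s\n", $type, pronounceablePassword(8, $type, true));
}
```

Keep the brute-force table above in mind when choosing $charType: with 'lnn' an 8-character word drawn this way has roughly 5^4 * 21^4 possibilities, which is why the text recommends mixing in digits and case.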
looksLikeHack

public bool looksLikeHack( string $password, [ string $username ] )

Tells if the user/pass combination looks like a hack attempt.
If $username is empty then the method only looks at the password.

Parameters:
  string $password
  string $username = null

Returns: bool
Throws: bs_exception if we don't have a database with that info (or no db connection).
isDictionaryWord

public bool isDictionaryWord( string $word )

Tells if $word is a dictionary word.
This is useful if you don't want users to choose such words. Currently we only have an English dictionary to check.

Parameters:
  string $word

Returns: bool
Throws: bs_exception (db)
isBoyName

public bool isBoyName( string $name )

Tells if the given $name is a boy's first name.

Parameters:
  string $name

Returns: bool
Throws: bs_exception
See Also: isGirlName(), isFirstName()

isGirlName

public bool isGirlName( string $name )

Tells if the given $name is a girl's first name.

Parameters:
  string $name

Returns: bool
Throws: bs_exception
See Also: isBoyName(), isFirstName()

isFirstName

public bool isFirstName( string $name )

Tells if the given $name is a girl's or boy's first name.

Parameters:
  string $name

Returns: bool
Throws: bs_exception
See Also: isBoyName(), isGirlName()

isSilly

public bool isSilly( string $password )

Tells if the given password is a silly password.
Something like 'secret', 'password', 'letmein' etc.

Parameters:
  string $password

Returns: bool

isBadPassword

public bool isBadPassword( string $password )

Tells if the given password is insecure.

Parameters:
  string $password

Returns: bool

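The layered checks behind isSilly(), isDictionaryWord(), isFirstName() and isBadPassword(), and a looksLikeHack()-style check on a submitted user/pass pair, worked through as an added example. This is not the BlueShoes code: the real class consults database tables (hence the bs_exception on missing db), whereas the word lists here are tiny constructed stand-ins, and the concrete rule set (minimum length, date patterns, "dictionary word with numbers attached", the default-account list) is an assumption of this example. Requires PHP 8.

```php
<?php
// Added example, not BlueShoes code.
final class PasswordPolicy
{
    // constructed stand-ins for the dictionary / name / silly-password tables
    private const SILLY = ['1234', '12345', '123456', 'password', 'passwort', 'secret',
                           'letmein', 'hello', 'qwerty', 'abc123', 'admin', 'root', 'guest'];
    private const DICTIONARY = ['computer', 'monkey', 'dragon', 'summer', 'welcome', 'football'];
    private const FIRST_NAMES = ['michael', 'thomas', 'andrej', 'sam', 'anna', 'maria', 'julia'];
    private const DEFAULT_ACCOUNTS = ['root', 'admin', 'administrator', 'guest', 'test'];

    public function isSilly(string $pw): bool
    {
        return in_array(strtolower($pw), self::SILLY, true);
    }

    public function isDictionaryWord(string $word): bool
    {
        return in_array(strtolower($word), self::DICTIONARY, true);
    }

    public function isFirstName(string $name): bool
    {
        return in_array(strtolower($name), self::FIRST_NAMES, true);
    }

    // "dictionary words with attached numbers, e.g. computer98": digits before
    // and/or after the word, optionally with a trailing '!' or '.'
    public function isDictionaryWordWithNumbers(string $pw): bool
    {
        if (preg_match('/^(\d{0,4})([a-z]+)(\d{0,4}[!.]?)$/i', $pw, $m) && ($m[1] . $m[3]) !== '') {
            return $this->isDictionaryWord($m[2]);
        }
        return false;
    }

    // dates in the common forms: 1982, 02.03.1982, 3/2/82, 1982-03-02, 19820302
    public function looksLikeDate(string $pw): bool
    {
        $re = '/^(19|20)\d{2}$'
            . '|^\d{1,2}[.\/-]\d{1,2}[.\/-]\d{2,4}$'
            . '|^(19|20)\d{2}[.\/-]\d{1,2}[.\/-]\d{1,2}$'
            . '|^(19|20)\d{6}$/';
        return (bool) preg_match($re, $pw);
    }

    // All reasons the password is rejected; an empty array means it passed.
    public function badPasswordReasons(string $pw, ?string $username = null): array
    {
        $r = [];
        if (strlen($pw) < 8) {
            $r[] = 'shorter than 8 characters';
        }
        if ($username !== null && strcasecmp($pw, $username) === 0) {
            $r[] = 'equals the username';                // rule 7 of the knowledge base
        }
        if ($this->isSilly($pw)) {
            $r[] = 'well-known password';
        }
        if ($this->isFirstName($pw)) {
            $r[] = 'first name';
        }
        if ($this->isDictionaryWord($pw)) {
            $r[] = 'dictionary word';
        }
        if ($this->isDictionaryWordWithNumbers($pw)) {
            $r[] = 'dictionary word with numbers attached';
        }
        if ($this->looksLikeDate($pw)) {
            $r[] = 'looks like a date';
        }
        if (strlen(count_chars($pw, 3)) < 4) {          // count_chars mode 3: unique chars
            $r[] = 'fewer than 4 distinct characters';
        }
        return $r;
    }

    public function isBadPassword(string $pw, ?string $username = null): bool
    {
        return $this->badPasswordReasons($pw, $username) !== [];
    }

    // Hack-attempt heuristic on a *submitted* login: default account names and
    // the classic guesses are what scanners try first. Username optional.
    public function looksLikeHack(string $password, string $username = ''): bool
    {
        $u = strtolower($username);
        if ($u !== '' && in_array($u, self::DEFAULT_ACCOUNTS, true)) {
            return true;
        }
        return $this->isSilly($password) || ($u !== '' && $u === strtolower($password));
    }
}

$p = new PasswordPolicy();
foreach (['letmein', 'computer98', 'Julia', '02.03.1982', 'ofenisep', 'aaaaaaaa', 'vurofopi7'] as $pw) {
    $why = $p->badPasswordReasons($pw, 'julia');
    printf("%-12s %s\n", $pw, $why ? 'BAD: ' . implode(', ', $why) : 'ok');
}
var_dump($p->looksLikeHack('password', 'root'));   // bool(true)
```

Returning the list of reasons rather than a bare bool is the practical difference from isBadPassword(): it lets the registration form tell the user which rule was hit. For the constructed inputs, 'letmein' fails on length and the silly list, 'computer98' on the attached-numbers rule, 'Julia' on length, username equality and the name list, '02.03.1982' on the date pattern, 'aaaaaaaa' on distinct characters, and the two pronounceable words pass.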
Bs_Password

public void Bs_Password( )

Warning: documentation is missing.

Returns: void

Private Field Details

$_bsDb

private object [unknown] $_bsDb

reference to the global db object.

Private Constant Details

BS_PASSWORD_VERSION

define( BS_PASSWORD_VERSION, 4.0.$x$ )
Case: default: case sensitive

| PHPDoc 1.0beta |