diff options
author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-05-15 08:32:01 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-05-15 08:32:01 +0200 |
commit | 49d006287b4c46d546a80fce57d2584b88364645 (patch) | |
tree | e4ce914a01092671b1f473c94a60f1e3008db7e8 /lib | |
parent | c8eec12ddff5a6f19ceeb633071f4d22d968c774 (diff) |
New password policy.
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/Fripost/Password.pm | 17 | ||||
-rwxr-xr-x | lib/Fripost/Prompt.pm | 18 |
2 files changed, 20 insertions, 15 deletions
diff --git a/lib/Fripost/Password.pm b/lib/Fripost/Password.pm index fc1f7ce..0f2cf6e 100755 --- a/lib/Fripost/Password.pm +++ b/lib/Fripost/Password.pm @@ -77,9 +77,11 @@ sub hash { sub is_salted { return ( not ( defined $_[0] ) or $_[0] ne '' ) }; -# Generate (random) salt, with a (random) length of 24 to 31 bytes. +# Generate a (random) 4 bytes salt. We only generates 4 bytes here to +# match the other way to hash & salt passwords (`slappasswd' and the +# RoundCube passwords). sub make_salt { - my $len = 31 - int( rand(8) ); + my $len = 4; my @bytes = (); for my $i ( 1 .. $len ) { push( @bytes, rand(255) ); @@ -87,11 +89,6 @@ sub make_salt { return pack( 'C*', @bytes ); } -sub random_string { - my ($len, $range) = @_; - return join '', @$range[ map {rand $#$range} (1..$len) ]; -} - # Add trailing `='s to the input string to ensure its length is a # multiple of 4. @@ -107,9 +104,9 @@ sub pad_base64 { # Our policy for automatically generated passwords. sub mkpasswd { return String::MkPasswd::mkpasswd( - -length => 20, - -minnum => 5, - -minspecial => 3 + -length => 12, + -minnum => 2, + -minspecial => 1 ); } diff --git a/lib/Fripost/Prompt.pm b/lib/Fripost/Prompt.pm index 4f71faf..0edc22f 100755 --- a/lib/Fripost/Prompt.pm +++ b/lib/Fripost/Prompt.pm @@ -58,7 +58,7 @@ sub prompt_email { unless (Email::Valid->address($email)) { undef $email; - say "This is not a valid e-mail address. Try again." + say "Error: This is not a valid e-mail address. Try again." } } until (defined $email); @@ -72,11 +72,19 @@ sub prompt_password { my $password; do { - $password = prompt -in => \*STDIN, -out => \*STDOUT, $msg, -echo => '*'; - my $confirm = prompt -in => \*STDIN, -out => \*STDOUT, $msg2, -echo => '*'; - unless ($password eq $confirm) { + $password = prompt -in => \*STDIN, -out => \*STDOUT, + $msg, -echo => '*'; + if ($password ne '' and length $password < 12) { undef $password; - say "Passwords do not match"; + say STDERR "Error: Passwords have to be at least 12 characters long."; + } + else { + my $confirm = prompt -in => \*STDIN, -out => \*STDOUT, + $msg2, -echo => '*'; + unless ($password eq $confirm) { + undef $password; + say STDERR "Error: Passwords do not match"; + } } } until (defined $password); |