aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem.moulin@fripost.org>2012-05-15 08:32:01 +0200
committerGuilhem Moulin <guilhem.moulin@fripost.org>2012-05-15 08:32:01 +0200
commit49d006287b4c46d546a80fce57d2584b88364645 (patch)
treee4ce914a01092671b1f473c94a60f1e3008db7e8 /lib
parentc8eec12ddff5a6f19ceeb633071f4d22d968c774 (diff)
New password policy.
Diffstat (limited to 'lib')
-rwxr-xr-xlib/Fripost/Password.pm17
-rwxr-xr-xlib/Fripost/Prompt.pm18
2 files changed, 20 insertions, 15 deletions
diff --git a/lib/Fripost/Password.pm b/lib/Fripost/Password.pm
index fc1f7ce..0f2cf6e 100755
--- a/lib/Fripost/Password.pm
+++ b/lib/Fripost/Password.pm
@@ -77,9 +77,11 @@ sub hash {
sub is_salted { return ( not ( defined $_[0] ) or $_[0] ne '' ) };
-# Generate (random) salt, with a (random) length of 24 to 31 bytes.
+# Generate a (random) 4 bytes salt. We only generates 4 bytes here to
+# match the other way to hash & salt passwords (`slappasswd' and the
+# RoundCube passwords).
sub make_salt {
- my $len = 31 - int( rand(8) );
+ my $len = 4;
my @bytes = ();
for my $i ( 1 .. $len ) {
push( @bytes, rand(255) );
@@ -87,11 +89,6 @@ sub make_salt {
return pack( 'C*', @bytes );
}
-sub random_string {
- my ($len, $range) = @_;
- return join '', @$range[ map {rand $#$range} (1..$len) ];
-}
-
# Add trailing `='s to the input string to ensure its length is a
# multiple of 4.
@@ -107,9 +104,9 @@ sub pad_base64 {
# Our policy for automatically generated passwords.
sub mkpasswd {
return String::MkPasswd::mkpasswd(
- -length => 20,
- -minnum => 5,
- -minspecial => 3
+ -length => 12,
+ -minnum => 2,
+ -minspecial => 1
);
}
diff --git a/lib/Fripost/Prompt.pm b/lib/Fripost/Prompt.pm
index 4f71faf..0edc22f 100755
--- a/lib/Fripost/Prompt.pm
+++ b/lib/Fripost/Prompt.pm
@@ -58,7 +58,7 @@ sub prompt_email {
unless (Email::Valid->address($email)) {
undef $email;
- say "This is not a valid e-mail address. Try again."
+ say "Error: This is not a valid e-mail address. Try again."
}
}
until (defined $email);
@@ -72,11 +72,19 @@ sub prompt_password {
my $password;
do {
- $password = prompt -in => \*STDIN, -out => \*STDOUT, $msg, -echo => '*';
- my $confirm = prompt -in => \*STDIN, -out => \*STDOUT, $msg2, -echo => '*';
- unless ($password eq $confirm) {
+ $password = prompt -in => \*STDIN, -out => \*STDOUT,
+ $msg, -echo => '*';
+ if ($password ne '' and length $password < 12) {
undef $password;
- say "Passwords do not match";
+ say STDERR "Error: Passwords have to be at least 12 characters long.";
+ }
+ else {
+ my $confirm = prompt -in => \*STDIN, -out => \*STDOUT,
+ $msg2, -echo => '*';
+ unless ($password eq $confirm) {
+ undef $password;
+ say STDERR "Error: Passwords do not match";
+ }
}
}
until (defined $password);