From 49d006287b4c46d546a80fce57d2584b88364645 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 15 May 2012 08:32:01 +0200 Subject: New password policy. --- lib/Fripost/Password.pm | 17 +++++++---------- lib/Fripost/Prompt.pm | 18 +++++++++++++----- 2 files changed, 20 insertions(+), 15 deletions(-) (limited to 'lib') diff --git a/lib/Fripost/Password.pm b/lib/Fripost/Password.pm index fc1f7ce..0f2cf6e 100755 --- a/lib/Fripost/Password.pm +++ b/lib/Fripost/Password.pm @@ -77,9 +77,11 @@ sub hash { sub is_salted { return ( not ( defined $_[0] ) or $_[0] ne '' ) }; -# Generate (random) salt, with a (random) length of 24 to 31 bytes. +# Generate a (random) 4 bytes salt. We only generates 4 bytes here to +# match the other way to hash & salt passwords (`slappasswd' and the +# RoundCube passwords). sub make_salt { - my $len = 31 - int( rand(8) ); + my $len = 4; my @bytes = (); for my $i ( 1 .. $len ) { push( @bytes, rand(255) ); @@ -87,11 +89,6 @@ sub make_salt { return pack( 'C*', @bytes ); } -sub random_string { - my ($len, $range) = @_; - return join '', @$range[ map {rand $#$range} (1..$len) ]; -} - # Add trailing `='s to the input string to ensure its length is a # multiple of 4. @@ -107,9 +104,9 @@ sub pad_base64 { # Our policy for automatically generated passwords. sub mkpasswd { return String::MkPasswd::mkpasswd( - -length => 20, - -minnum => 5, - -minspecial => 3 + -length => 12, + -minnum => 2, + -minspecial => 1 ); } diff --git a/lib/Fripost/Prompt.pm b/lib/Fripost/Prompt.pm index 4f71faf..0edc22f 100755 --- a/lib/Fripost/Prompt.pm +++ b/lib/Fripost/Prompt.pm @@ -58,7 +58,7 @@ sub prompt_email { unless (Email::Valid->address($email)) { undef $email; - say "This is not a valid e-mail address. Try again." + say "Error: This is not a valid e-mail address. Try again." } } until (defined $email); @@ -72,11 +72,19 @@ sub prompt_password { my $password; do { - $password = prompt -in => \*STDIN, -out => \*STDOUT, $msg, -echo => '*'; - my $confirm = prompt -in => \*STDIN, -out => \*STDOUT, $msg2, -echo => '*'; - unless ($password eq $confirm) { + $password = prompt -in => \*STDIN, -out => \*STDOUT, + $msg, -echo => '*'; + if ($password ne '' and length $password < 12) { undef $password; - say "Passwords do not match"; + say STDERR "Error: Passwords have to be at least 12 characters long."; + } + else { + my $confirm = prompt -in => \*STDIN, -out => \*STDOUT, + $msg2, -echo => '*'; + unless ($password eq $confirm) { + undef $password; + say STDERR "Error: Passwords do not match"; + } } } until (defined $password); -- cgit v1.2.3