Beispiel #1
0
        private void passwordBtn_Click(object sender, EventArgs e)
        {
            if (this.passwordStatus == PasswordStatus.NO_PASSWORD)
            {
                // set venue password

                PasswordForm passwordForm = new PasswordForm();
                DialogResult dr           = passwordForm.ShowDialog();

                if (dr == DialogResult.OK)
                {
                    this.passwordStatus    = passwordForm.PWStatus;
                    this.privateVenueState = GetPrivateVenueState(passwordForm.Password);
                }
            }
            else
            {
                this.passwordStatus    = PasswordStatus.NO_PASSWORD;
                this.privateVenueState = null;
            }

            if (this.passwordStatus == PasswordStatus.NO_PASSWORD)
            {
                this.passwordBtn.Text = Strings.SetPassword;
            }
            else
            {
                this.passwordBtn.Text = Strings.ClearPassword;
            }
        }
Beispiel #2
0
        /// <summary>
        /// Validates the security of a password based on the number
        /// of times it has been breached according to Pwned Passwords.
        /// </summary>
        /// <param name="password">A user password</param>
        /// <returns></returns>
        public PasswordStatus Validate(string password)
        {
            // Use the hash function to get the hash value of the password.
            _hashValue = _hashFunction.GetHashValue(password).Hash + _hashFunction.GetHashValue(password).Salt;
            Console.WriteLine("Hash Value: " + _hashValue); // Demo

            // First 5 characters of the hash value
            string prefix = _hashValue.Substring(0, 5);

            // Full URL address
            Uri uri = new Uri(_url + prefix);

            Console.WriteLine("Url: " + uri); // Demo

            // Http GET request
            Task <string> response       = client.RequestData(uri);
            string        hashlistString = response.Result;

            // Deserialize json into a dictionary<hashValue,counts>
            Dictionary <string, int> hashes = JsonToDictionary(hashlistString);

            // Find the hashvalue in the dictionary
            int hashCount = FindHash(_hashValue.Substring(5), hashes);

            // Check business rules
            PasswordStatus status = PasswordCheckingBR.CheckPasswordCount(hashCount);

            return(status);
        }
Beispiel #3
0
        private void SetStatus(IEnumerable <char> password)
        {
            _status = PasswordStatus.Unknown;

            // If the password is all placeholder characters that's fine - use the saved hash, but if it's a mix
            // of placeholder and other characters then the user tried to modify it, so return a validation error.

            foreach (char c in password)
            {
                if (c == PasswordPlaceholderChar)
                {
                    if (_status == PasswordStatus.Real)
                    {
                        _status = PasswordStatus.PlaceholderModified;
                        break;
                    }

                    _status = PasswordStatus.Placeholder;
                }
                else if (_status == PasswordStatus.Placeholder)
                {
                    _status = PasswordStatus.PlaceholderModified;
                    break;
                }
                else
                {
                    _status = PasswordStatus.Real;
                }
            }
        }
Beispiel #4
0
        public void IsPasswordSafe_UnsafePasswordFail_ReturnMatchingObjectValues()
        {
            PasswordStatus expected = new PasswordStatus(2, "Password is unsafe! Use a different password!");
            PasswordStatus actual   = vManager.IsPasswordSafe("oiwge80q92uen").Result;

            Assert.AreNotEqual(expected.Status, actual.Status);
            Assert.AreNotEqual(expected.Message, actual.Message);
        }
Beispiel #5
0
        public void IsPasswordSafe_AcceptablePasswordFail_ReturnMatchingObjectValues()
        {
            PasswordStatus expected = new PasswordStatus(1, "Password has been breached a few times before! We recommend you change your password!");
            PasswordStatus actual   = vManager.IsPasswordSafe("password123").Result;

            Assert.AreNotEqual(expected.Status, actual.Status);
            Assert.AreNotEqual(expected.Message, actual.Message);
        }
Beispiel #6
0
        public void IsPasswordSafe_SafePasswordFail_ReturnMatchingObjectValues()
        {
            PasswordStatus expected = new PasswordStatus(0, "Password is safe to use!");
            PasswordStatus actual   = vManager.IsPasswordSafe("password123").Result;

            Assert.AreNotEqual(expected.Status, actual.Status);
            Assert.AreNotEqual(expected.Message, actual.Message);
        }
Beispiel #7
0
        public void IsPasswordSafe_SafePasswordSuccess_ReturnMatchingObjectValues()
        {
            PasswordStatus expected = new PasswordStatus(0, "Password is safe to use!");
            PasswordStatus actual   = vManager.IsPasswordSafe("wgui90m24ve28c23").Result;

            Assert.AreEqual(expected.Status, actual.Status);
            Assert.AreEqual(expected.Message, actual.Message);
        }
Beispiel #8
0
        public void StatusOfPassword_Unsafe()
        {
            PasswordStatus expectedStatus = new PasswordStatus(2, "Password is unsafe! Use a different password!");
            PasswordStatus actualStatus   = sCheck.StatusOfPassword("TESTPREFIX:100", "TESTPREFIX");

            Assert.AreEqual(expectedStatus.Status, actualStatus.Status);
            Assert.AreEqual(expectedStatus.Message, actualStatus.Message);
        }
Beispiel #9
0
 public UWVenue(Venue v)
 {
     this.passwordResolved = false;
     this.name             = v.Name;
     this.passwordStatus   = v.PWStatus;
     this.ipEndpoint       = new IPEndPoint(IPAddress.Parse(v.IPAddress.Trim()), v.Port);
     this.identifier       = v.Identifier;
 }
Beispiel #10
0
        public void StatusOfPassword_Dangerous()
        {
            PasswordStatus expectedStatus = new PasswordStatus(1, "Password has been breached a few times before! We recommend you change your password!");
            PasswordStatus actualStatus   = sCheck.StatusOfPassword("TESTPREFIX:10", "TESTPREFIX");

            Assert.AreEqual(expectedStatus.Status, actualStatus.Status);
            Assert.AreEqual(expectedStatus.Message, actualStatus.Message);
        }
Beispiel #11
0
        public void StatusOfPassword_Secured()
        {
            PasswordStatus expectedStatus = new PasswordStatus(0, "Password is safe to use!");
            PasswordStatus actualStatus   = sCheck.StatusOfPassword("TESTPREFIX:100", "NOPREFIXFOUND");

            Assert.AreEqual(expectedStatus.Status, actualStatus.Status);
            Assert.AreEqual(expectedStatus.Message, actualStatus.Message);
        }
Beispiel #12
0
        public void StatusOfPassword_Error()
        {
            PasswordStatus expectedStatus = new PasswordStatus(-1, "An ERROR has occurred with the request while checking password security.");
            PasswordStatus actualStatus   = sCheck.StatusOfPassword("", "");

            Assert.AreEqual(expectedStatus.Status, actualStatus.Status);
            Assert.AreEqual(expectedStatus.Message, actualStatus.Message);
        }
Beispiel #13
0
 private void ComputePasswordStatus()
 {
     if (password == null || password.Trim().Length == 0)
         passwordStatus = PasswordStatus.NO_PASSWORD;
     else if (useEncryption.Checked)
         passwordStatus = PasswordStatus.STRONG_PASSWORD;
     else passwordStatus = PasswordStatus.WEAK_PASSWORD;
 }
Beispiel #14
0
 public int SetPasswordStatus(IntPtr gui, string token, string pin, PasswordStatus status, uint guiid)
 {
     log.DebugFormat("token: {0}, pin: {1}, status: {2}, guiid: {3}", token, pin, status, guiid);
     // if this function is called, sth was wrong with the PIN
     if (status.ToString() != "Ok")
     {
         throw new Exception("wrong pin entered - warning: subsequent wrong entries will have your banking blocked");
     }
     return(0);
 }
Beispiel #15
0
 private void ComputePasswordStatus()
 {
     if (password == null || password.Trim().Length == 0)
     {
         passwordStatus = PasswordStatus.NO_PASSWORD;
     }
     else if (useEncryption.Checked)
     {
         passwordStatus = PasswordStatus.STRONG_PASSWORD;
     }
     else
     {
         passwordStatus = PasswordStatus.WEAK_PASSWORD;
     }
 }
Beispiel #16
0
        private void AccountForm_Load(object sender, EventArgs e)
        {
            ////load form mazimun size from setting
            //int count = Properties.Settings.Default.Resolution.Count;
            //string[] temp_resolution = new string[count];
            //Properties.Settings.Default.Resolution.CopyTo(temp_resolution, 0);
            //int width = int.Parse(temp_resolution[count - 1].Substring(0, temp_resolution[count - 1].IndexOf("x")).Trim()) + 16;
            //int height = int.Parse(temp_resolution[count - 1].Substring(temp_resolution[count - 1].IndexOf("x") + 1).Trim()) + 39;
            //this.MaximumSize = new Size(width, height);

            //load font from setting
            this.Font = Properties.Settings.Default.Font;

            //hide password by default
            this.PasswordTextBox.PasswordChar = '*';
            this._PasswordStatus            = PasswordStatus.Hide;
            this.PasswordStatusButton.Image = Properties.Resources.icons8_eye_32;
        }
Beispiel #17
0
        static void Main(string[] args)
        {
            while (true)
            {
                // Password Input
                Console.Write("\nPassword: "******"Duration: " + sw.ElapsedMilliseconds + " ms");
                Console.WriteLine("End");
                Console.ReadKey(true);
            }
        }
Beispiel #18
0
        private void PasswordStatusButton_Click(object sender, EventArgs e)
        {
            //hide password
            if (this._PasswordStatus == PasswordStatus.Show)
            {
                this.PasswordTextBox.PasswordChar = '*';
                this._PasswordStatus            = PasswordStatus.Hide;
                this.PasswordStatusButton.Image = Properties.Resources.icons8_eye_32;
                return;
            }

            //show password
            if (this._PasswordStatus == PasswordStatus.Hide)
            {
                this.PasswordTextBox.PasswordChar = '\0';
                this._PasswordStatus            = PasswordStatus.Show;
                this.PasswordStatusButton.Image = Properties.Resources.icons8_eye_hide_32;
                return;
            }
        }
Beispiel #19
0
        private void UseSavedHash(IEnumerable <TextBox> textboxes)
        {
            if (string.IsNullOrEmpty(txtHiddenPasswordHash.Value))
            {
                Debug.Fail("The password in the textbox is a placeholder, but no saved hash is stored.");

                _status = PasswordStatus.PlaceholderModified;
                ClearHash();

                return;
            }

            _passwordHash = txtHiddenPasswordHash.Value;

            // Set the placeholder again, otherwise the text will not be persisted between roundtrips
            // for security.

            foreach (TextBox textbox in textboxes)
            {
                SetPasswordText(textbox, textbox.Text);
            }
        }
Beispiel #20
0
        /// <summary>
        /// Checks the security of a password based on the number
        /// of times it has been breached.
        /// </summary>
        /// <param name="count">The breach count of the password</param>
        /// <returns>The password security status</returns>
        public static PasswordStatus CheckPasswordCount(int count)
        {
            PasswordStatus status; // The status of the security of the password.

            if (count == 0)        // The password secure.  It has not been breached.
            {
                status = new PasswordStatus(0);
                Console.WriteLine("Password OK.");
            }
            else if (count == 1) // The password is secure, but has been breached once.
            {
                status = new PasswordStatus(1);
                Console.WriteLine("Password OK, but has been breached once.");
            }
            else // The password is not secure.  It has been breached multiple times.
            {
                status = new PasswordStatus(2);
                Console.WriteLine("Change Password, has been breached " + count + " times.");
            }

            return(status);
        }
Beispiel #21
0
        public VenueEditor(VenueState venueState)
        {
            //
            // Required for Windows Form Designer support
            //
            InitializeComponent();

            iconInput.DefaultIcon = defaultVenueIcon;

            // Show the venue information in the UI
            Venue venueToEdit = venueState.Venue;
            this.nameInput.Text = venueToEdit.Name;
            this.ownerInput.Text = venueToEdit.Identifier;
            this.ipInput.Text = venueToEdit.IPAddress;
            this.portInput.Text = venueToEdit.Port.ToString(CultureInfo.InvariantCulture);
            this.iconInput.IconAsBytes = venueToEdit.Icon;

            this.newAccessList = venueToEdit.AccessList;
            this.original = venueToEdit;

            this.privateVenueState = venueState.PrivateVenueState;
            this.passwordStatus = venueToEdit.PWStatus;
        }
Beispiel #22
0
        public VenueEditor(VenueState venueState)
        {
            //
            // Required for Windows Form Designer support
            //
            InitializeComponent();

            iconInput.DefaultIcon = defaultVenueIcon;

            // Show the venue information in the UI
            Venue venueToEdit = venueState.Venue;

            this.nameInput.Text        = venueToEdit.Name;
            this.ownerInput.Text       = venueToEdit.Identifier;
            this.ipInput.Text          = venueToEdit.IPAddress;
            this.portInput.Text        = venueToEdit.Port.ToString(CultureInfo.InvariantCulture);
            this.iconInput.IconAsBytes = venueToEdit.Icon;

            this.newAccessList = venueToEdit.AccessList;
            this.original      = venueToEdit;

            this.privateVenueState = venueState.PrivateVenueState;
            this.passwordStatus    = venueToEdit.PWStatus;
        }
Beispiel #23
0
 public int SetPasswordStatus(IntPtr gui, string token, string pin, PasswordStatus status, uint guiid)
 {
     log.DebugFormat("token: {0}, pin: {1}, status: {2}", token, pin, status);
     // FIXME find out what this function is used for
     return(0);
 }
Beispiel #24
0
 //needed for serialisation
 public Venue() 
 {
     Port = 5004;
     this.PWStatus = PasswordStatus.NO_PASSWORD;
     this.VenueType = VenueType.STATIC_SINGLE_GROUP;
 }
Beispiel #25
0
 //needed for serialisation
 public Venue()
 {
     Port           = 5004;
     this.PWStatus  = PasswordStatus.NO_PASSWORD;
     this.VenueType = VenueType.STATIC_SINGLE_GROUP;
 }
Beispiel #26
0
 public int SetPasswordStatus(IntPtr gui, string token, string pin, PasswordStatus status, uint guiid)
 {
     log.DebugFormat ("token: {0}, pin: {1}, status: {2}, guiid: {3}", token, pin, status, guiid);
     // if this function is called, sth was wrong with the PIN
     if (status.ToString () != "Ok") {
         throw new Exception ("wrong pin entered - warning: subsequent wrong entries will have your banking blocked");
     }
     return 0;
 }
Beispiel #27
0
 public int SetPasswordStatus(IntPtr gui, string token, string pin, PasswordStatus status, uint guiid)
 {
     log.DebugFormat ("token: {0}, pin: {1}, status: {2}", token, pin, status);
     // FIXME find out what this function is used for
     return 0;
 }
Beispiel #28
0
 public UWVenue(String name, IPEndPoint endpoint)
 {
     this.name           = name;
     this.ipEndpoint     = new IPEndPoint(endpoint.Address, endpoint.Port);
     this.passwordStatus = PasswordStatus.NO_PASSWORD;
 }
Beispiel #29
0
        private void passwordBtn_Click(object sender, EventArgs e)
        {
            if (this.passwordStatus == PasswordStatus.NO_PASSWORD) {
                // set venue password
                
                PasswordForm passwordForm = new PasswordForm();
                DialogResult dr = passwordForm.ShowDialog();

                if (dr == DialogResult.OK) {
                    this.passwordStatus = passwordForm.PWStatus;
                    this.privateVenueState = GetPrivateVenueState(passwordForm.Password);
                }
            }
            else { 
                this.passwordStatus = PasswordStatus.NO_PASSWORD;           
                this.privateVenueState = null;
            }

            if (this.passwordStatus == PasswordStatus.NO_PASSWORD) {
                this.passwordBtn.Text = Strings.SetPassword;
            }
            else {
                this.passwordBtn.Text = Strings.ClearPassword;
            }
        }