/// <summary>
/// Decrypts an in-memory protected password, scores it against a fixed set of rules and
/// reports improvement tips together with its blacklist status.
/// </summary>
/// <remarks>
/// Scoring starts at 1 and subtracts 0.25 for no upper case character, 0.25 for no digit,
/// 0.50 for fewer than 12 characters, 0.25 for no special character and 1 for a blacklist hit.
/// Lower case characters are not checked. The decrypted password is held in a managed string
/// for the duration of the call; resetting the local at the end only drops the reference and
/// does not erase the characters from memory.
/// </remarks>
/// <param name="encryptedPw">The password bytes as protected by <c>CryptMemoryProtection</c>.</param>
/// <param name="resultTips">Receives one message per rule the password failed; empty when none failed.</param>
/// <param name="isBlackListed">Receives true when the password is contained in the blacklist.</param>
/// <returns>
/// 0 when the password is blacklisted; otherwise 0.1 when the penalties reduce the score to
/// zero or below; otherwise the remaining score (at most 1).
/// </returns>
public static double CalculatePasswordStrength(byte[] encryptedPw, out HashSet<string> resultTips, out bool isBlackListed)
{
    isBlackListed = false;
    resultTips = new HashSet<string>();

    // NOTE(review): the decrypted buffer is not wiped here. Whether DecryptInMemoryData returns
    // a fresh copy or the caller's array is not visible from this method - confirm before adding a wipe.
    var decryptedBytes = CryptMemoryProtection.DecryptInMemoryData(encryptedPw);
    var pw = ByteHelper.ByteArrayToString(decryptedBytes);

    double score = 1;

    var hasUpperCase = pw.Any(char.IsUpper);
    if (!hasUpperCase)
    {
        score -= 0.25;
        resultTips.Add("The password doesn't contain upper case characters.");
    }

    var hasDigit = pw.Any(char.IsDigit);
    if (!hasDigit)
    {
        score -= 0.25;
        resultTips.Add("The password doesn't contain digits.");
    }

    // Length carries the largest single rule penalty.
    var isLongEnough = pw.Length >= 12;
    if (!isLongEnough)
    {
        score -= 0.50;
        resultTips.Add("The password is too short. It should be at least 12 characters long.");
    }

    var hasSpecialCharacter = WellKnownSpecialCharacters.ContainsSpecialCharacters(pw);
    if (!hasSpecialCharacter)
    {
        score -= 0.25;
        resultTips.Add("The password doesn't contain special characters.");
    }

    // The blacklist is fetched on every call and matched against the whole password.
    // NOTE(review): case sensitivity of the match depends on the collection GetBlackList returns - confirm.
    if (PasswordBlackList.GetBlackList().Contains(pw))
    {
        score -= 1;
        isBlackListed = true;
        resultTips.Add("This password has already been leaked and is widely spread on the internet - combined with it's hash. It is not save.");
    }

    // Drops the reference only; the string contents stay in managed memory until collected.
    pw = string.Empty;

    // A blacklisted password always scores exactly 0.
    if (isBlackListed)
    {
        return 0;
    }

    // Never report a zero or negative strength for a password that is not blacklisted.
    return score <= 0 ? 0.1 : score;
}
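/// <summary>
/// Validates the registration form and, when every check passes, creates a new fortress
/// whose key is derived from the entered master password.
/// </summary>
/// <remarks>
/// The key is derived from the same value that was validated. Previously it was always read
/// from <c>Master_PasswordBox</c>, so in visible-password mode the key could come from a
/// control the checks never looked at.
/// </remarks>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">The routed event data.</param>
private void Register_Button_Click(object sender, RoutedEventArgs e)
{
    try
    {
        Reset();

        // Read the master password from whichever pair of controls is currently in use.
        var currentPw = string.Empty;
        var currentReenteredPw = string.Empty;

        if (_pwIsVisible)
        {
            currentPw = Master_VisibleTextbox.Text;
            currentReenteredPw = MasterReentered_Textbox.Text;
        }
        else
        {
            currentPw = Master_PasswordBox.Password;
            currentReenteredPw = MasterReentered_PasswordBox.Password;
        }

        // Check if all criteria are correct
        if (Info_Checkbox.IsChecked == false)
        {
            Output_Textblock.Text = "You need to varify first that you have read the text on the left.";
            Info_Checkbox.Foreground = Brushes.Red;
            return;
        }

        if (FortressName_Textbox.Text == string.Empty)
        {
            Output_Textblock.Text = "You need to name your fortress.";
            FortressName_Textbox.BorderBrush = Brushes.Red;
            return;
        }

        // The name becomes the last segment of the fortress path built below.
        // NOTE(review): confirm that ContainsSpecialCharacters rejects path separators and dots,
        // otherwise the name can point outside the fortress directory.
        if (WellKnownSpecialCharacters.ContainsSpecialCharacters(FortressName_Textbox.Text))
        {
            Output_Textblock.Text = "Special characters in the name are not allowed.";
            FortressName_Textbox.BorderBrush = Brushes.Red;
            return;
        }

        // Minimum policy for the master key: 8 characters, one upper case character, one digit.
        if (currentPw.Length < 8 || !(currentPw.Any(char.IsUpper)) || !(currentPw.Any(char.IsDigit)))
        {
            Output_Textblock.Text = "The masterkey has to match the following criteria: Minumum 8 characters long; Contain at least one upper case character and one digit.";
            Master_PasswordBox.Foreground = Brushes.Red;
            Master_VisibleTextbox.Foreground = Brushes.Red;
            return;
        }

        if (currentReenteredPw != currentPw)
        {
            Output_Textblock.Text = "Masterkey doesn't match the reentered one.";
            MasterReentered_PasswordBox.Foreground = Brushes.Red;
            MasterReentered_Textbox.Foreground = Brushes.Red;
            return;
        }

        // If they are - continue to make the fortress.
        var aesHelper = new AesHelper();
        var salt = aesHelper.GenerateSalt();

        // Derive the key from the validated value, not from a fixed control.
        // 256 is presumably the key size in bits - confirm against AesHelper.CreateKey.
        var hashedKey = aesHelper.CreateKey(currentPw, 256, salt);

        var fullPath = string.Empty;

        // If the user has entered a custom path -> Disabled for now
        if (_fullPath != string.Empty)
        {
            fullPath = $"{_fullPath}\\{FortressName_Textbox.Text}";
        }
        else // else use the default.
        {
            fullPath = $"{IOPathHelper.GetDefaultFortressDirectory()}\\{FortressName_Textbox.Text}";
        }

        // Placeholder owner details; the form does not collect them.
        var name = "NOT GIVEN";
        var lastName = "NOT GIVEN";
        var userName = "******";
        var eMail = "*****@*****.**";

        var fortress = new Fortress(salt, hashedKey, fullPath, name, lastName, userName, eMail);

        DataAccessService.Instance.CreateNewFortress(fortress); // Create the new fortress.

        // NOTE(review): currentPw and currentReenteredPw are managed strings and stay in memory
        // until collected, whatever ClearPasswords does to the controls.
        ClearPasswords();
        Navigation.LoginManagementInstance.LoadFortresses(); // Refresh the list.
        Communication.InformUser($"{FortressName_Textbox.Text} has been successfully built.");
    }
    catch (Exception ex)
    {
        ClearPasswords();
        // The full exception is written to the log; the user only sees the message set below.
        Logger.log.Error($"Error while trying to register a new fortress: {ex}");
        ex.SetUserMessage("There was a problem creating the fortress. The given passwords have been flushed out of memory.");
        Communication.InformUserAboutError(ex);
    }
}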