ElkArte Community

Extending Elk => Addons => Topic started by: Spuds on April 17, 2014, 12:44:37 pm

Title: [ADDON] Password Strength
Post by: Spuds on April 17, 2014, 12:44:37 pm
This adds a password strength indicator to password fields and can be used to require a minimal level.  This is not an ordinary strength check where it checks for some extra characters or upper / lower characters, but instead is a realistic password strength estimation for a given password to stand up to a real attack.  https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Password Entropy Version 1.1.0

License
This ElkArte addon is released under an MPL V1.1 license, a copy of it with its provisions is included with the package.
This addon uses the zxcvbn-php (https://github.com/bjeavons/zxcvbn-php) library which is released under the MIT License (MIT).

Introduction
This measures the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.

Unlike basic entropy checks which grade based on the set of symbols (a-zA-Z0-9etc) in potential use at each position, this goes further and takes into account patterns that people will tend to follow and also compares entered passwords against a list of known common passwords that are in use and therefore vulnerable to attacks.

Features
o Enable or disable the addon from the control panel
o Require users to enter a password that meets a set threshold (good/strong/etc)
o Show a strength meter on most pages where a password can be reset (profile, authentication, registration)
o Hovering over the password meter will show the estimated time for a computer to crack a given password with a brute force attack

Repository / Download
http://addons.elkarte.net/security/Password-Entropy.html
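
As an added illustration of the difference described in the introduction above (not part of the original post, and not the addon's or zxcvbn's code), this PHP script scores the same passwords with a basic character-set entropy check and with a small pattern-aware estimate. The word list, keyboard rows, `DICT_SIZE` and the one-bit penalties are assumptions made for the example.

```php
<?php
// Added example. COMMON and ROWS are tiny constructed samples, not zxcvbn's data.
const COMMON = ['password', 'letmein', 'dragon', 'monkey', 'welcome'];
const ROWS = ['qwertyuiop', 'asdfghjkl', 'zxcvbnm', '1234567890'];
const DICT_SIZE = 10000; // assumed size of the attacker's word list

// Basic check: length * log2(size of the character classes in use).
function charsetBits(string $pw): float
{
    $pool = 0;
    foreach (['/[a-z]/' => 26, '/[A-Z]/' => 26, '/[0-9]/' => 10, '/[^a-zA-Z0-9]/' => 33] as $re => $n) {
        if (preg_match($re, $pw)) {
            $pool += $n;
        }
    }
    return $pool > 0 ? strlen($pw) * log($pool, 2) : 0.0;
}

// Pattern-aware estimate: never higher than the basic one.
function patternBits(string $pw): float
{
    $naive = charsetBits($pw);
    $lower = strtolower($pw);
    // Keyboard row or digit run, forwards or backwards: pick row, start, length, direction.
    foreach (ROWS as $row) {
        if (strlen($lower) >= 4 && (strpos($row, $lower) !== false || strpos(strrev($row), $lower) !== false)) {
            return min($naive, log(count(ROWS) * strlen($row) * strlen($lower) * 2, 2));
        }
    }
    // Common word plus optional trailing digits/symbols, e.g. "Dragon2014!".
    preg_match('/^(.*?)([^a-zA-Z]*)$/', $pw, $m);
    $core = strtolower($m[1]);
    $plain = strtr($core, '@013$5', 'aoless'); // undo common substitutions
    if (in_array($plain, COMMON, true)) {
        $bits = log(DICT_SIZE, 2)
            + ($m[1] !== $core ? 1 : 0)    // one extra bit for capitalisation
            + ($plain !== $core ? 1 : 0)   // one extra bit for substitutions
            + charsetBits($m[2]);          // suffix scored the basic way
        return min($naive, $bits);
    }
    return $naive; // no known pattern found
}

foreach (['P@ssw0rd1', 'qwertyuiop', 'Dragon2014!', 'gT7#vQ2m'] as $pw) {
    printf("%-12s basic %5.1f bits, pattern-aware %5.1f bits\n", $pw, charsetBits($pw), patternBits($pw));
}
```

The basic check rates "P@ssw0rd1" above the random-looking "gT7#vQ2m" because it is longer and uses every character class; the pattern-aware estimate ranks them the other way round.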
Title: Re: [ADDON] Password Strength
Post by: GamePersia on May 08, 2014, 02:19:36 am
Just 2 doubts,..
can this mod or say all mods present here work if ElkArte has not been installed on smf ??
And secondly can we install ElkArte if we already installed simple portal ??
Title: Re: [ADDON] Password Strength
Post by: emanuele on May 08, 2014, 02:38:39 am
Hello GamePersia and welcome around! :)

I'm not entirely sure I understand your questions. I can say that ElkArte is something to use instead of SMF, not to install into SMF.
That said, the only issue that may come to my mind is that using OpenImporter to convert from SMF to ElkArte is not going to move the SimplePortal tables, so you'd have to do that part by hand.

@TE what do you think: would be possible to add an optional import for mods tables? Dunno, something like an option: "Import all other tables with the same prefix to ElkArte"?
Title: Re: [ADDON] Password Strength
Post by: GamePersia on May 08, 2014, 04:32:47 am
Quote from: emanuele – Hello GamePersia and welcome around! :)

I'm not entirely sure I understand your questions. I can say that ElkArte is something to use instead of SMF, not to install into SMF.
That said, the only issue that may come to my mind is that using OpenImporter to convert from SMF to ElkArte is not going to move the SimplePortal tables, so you'd have to do that part by hand.

Oh,..got it...
so we cannot install ElkArte into smf,..rather it's another forum like smf !!  :P
but can we use the mods for ElkArte on smf ??  :o
Title: Re: [ADDON] Password Strength
Post by: Spuds on May 08, 2014, 11:37:00 am
Quote: so we cannot install ElkArte into smf,..rather it's another forum like smf !!  :P
Yes
Quote: but can we use the mods for ElkArte on smf ??  :o
No, ElkArte addons will not directly work with SMF
Title: Re: [ADDON] Password Strength
Post by: TE on May 09, 2014, 12:11:26 am
Quote from: emanuele – @TE what do you think: would be possible to add an optional import for mods tables? Dunno, something like an option: "Import all other tables with the same prefix to ElkArte"?
yep, sure.. Not automated, but you just need to create another step with the related queries in import_smf2.xml ..
Title: Re: [ADDON] Password Strength
Post by: P2P on November 08, 2014, 05:26:25 am
Help!

With me there is nowhere option to enable the hook :(

sorry for my english

Title: Re: [ADDON] Password Strength
Post by: Spuds on November 08, 2014, 09:32:50 am
It should have installed it under registration settings ...  ?action=admin;area=regcenter;sa=pwentropy
Title: Re: [ADDON] Password Strength
Post by: P2P on November 08, 2014, 02:16:51 pm
It's not in the settings of registration.. :(
Title: Re: [ADDON] Password Strength
Post by: P2P on November 09, 2014, 02:49:55 pm
UP POST.. Help me
Title: Re: [ADDON] Password Strength
Post by: Adrek on November 09, 2014, 03:31:50 pm
First thing that I found is that the filenames (Pwentropy.subs.php, Pwentropy.controller.php, Pwentropy.class.php) start with a capital letter, while in package-info.xml in the hooks instructions they are lowercase, so the hooks are not loaded.

Second:
In file Pwentropy.subs.php
Code: [Select]
'enabled' => !empty($modSettings['pwentropy_enabled']),
needs to be
Code: [Select]
'enabled' => true,

otherwise tab in menu will not be visible.

Also in file Pwentropy.subs.php in function imr_pwentropy() this code needs to be removed, because with it subaction with settings page does not work:
Code: [Select]
if (empty($modSettings['pwentropy_enabled']))
	return;


//edit:
but there is still error when I'm typing password on registration page:
Quote: Error : SyntaxError: Unexpected end of input
Title: Re: [ADDON] Password Strength
Post by: Spuds on November 09, 2014, 05:10:57 pm
/me blames Bill Gates
Title: Re: [ADDON] Password Strength
Post by: P2P on November 09, 2014, 06:44:46 pm
@ Spuds - will fix?
Title: Re: [ADDON] Password Strength
Post by: Spuds on November 09, 2014, 09:09:29 pm
Yup I'll get to it tomorrow for sure, been having to work on some other things the last couple of days.
Title: Re: [ADDON] Password Strength
Post by: P2P on November 10, 2014, 06:57:59 am
thanks to Spuds :)
Title: Re: [ADDON] Password Strength
Post by: Spuds on November 10, 2014, 03:49:09 pm
I've just updated the link, give the new file a try.   Basically it was what @phantom posted.  Also it seems *nix was not liking the file include with a backwards slash, that one was not really my fault  O:-)
Title: Re: [ADDON] Password Strength
Post by: Adrek on November 10, 2014, 04:36:54 pm
Thanks for update :)
Title: Re: [ADDON] Password Strength
Post by: P2P on November 10, 2014, 06:04:47 pm
Thanks Spuds.
Title: Re: [ADDON] Password Strength
Post by: Spuds on November 26, 2017, 05:51:40 pm
Updated package to support ElkArte 1.1
Title: Re: [ADDON] Password Strength
Post by: Spuds on May 04, 2021, 01:25:09 pm
Updated to use latest version of zxcvbn library.  Fixed a couple of other small format issues on 1.1.