| blob | f5dc6c57954f8ace08ccf16e0c094312ec5bec26 |
1 <html>
2 <head>
3 <title>
4 Private data
5 </title>
12 }
17 else
19 };
28 }
30 };
34 };
36 // Combine the PASSWORD with the site SERVERSALT and hash it
37 // Combine this Hash iwth the extra SERVERSALT, and hash them
46 };
48 }
50 // REMEMBER: Set the session cookie BEFORE you hash the password!!!
54 // Dom.storage.enabled must be set!
56 alert('Your browser does not support HTML5 sessionStorage. Set Dom.storage.enabled or try upgrading.');
57 }
60 };
71 else
74 }
76 // Remember to hash the repeat too! Or else it will be send in the clear
85 };
90 };
96 };
105 };
107 };
117 // This hashes the newpassword field!
125 };
130 {
134 else
136 };
137 };
147 // Without cookies, use this
148 // var sessionparm = document.getElementById('SESSIONTICKET');
149 // if(sessionparm) sessionparm.value = sessionticket;
150 // add_cgiparam('a', 'href', "SESSIONTICKET="+sessionticket);
151 // add_cgiparam('form', 'action', "SESSIONTICKET="+sessionticket);
153 };
164 // Without cookies, use this
165 // var sessionparm = document.getElementById('CHALLENGETICKET');
166 // if(sessionparm) sessionparm.value = sessionticket;
167 // add_cgiparam('a', 'href', "CHALLENGETICKET="+sessionticket);
168 // add_cgiparam('form', 'action', "CHALLENGETICKET="+sessionticket);
170 };
177 };
178 </script>
181 /*
182 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
183 * in FIPS 180-1
184 * Version 2.2 Copyright Paul Johnston 2000 - 2009.
185 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
186 * Distributed under the BSD License
187 * See http://pajhome.org.uk/crypt/md5 for details.
188 */
190 /*
191 * Configurable variables. You may need to tweak these to be compatible with
192 * the server-side, but the defaults work in most cases.
193 */
197 /*
198 * These are the functions you'll usually want to call
199 * They take string arguments and return either hex or base-64 encoded strings
200 */
211 /*
212 * Perform a simple self-test to see if the VM is working
213 */
215 {
217 }
219 /*
220 * Calculate the SHA1 of a raw string
221 */
223 {
225 }
227 /*
228 * Calculate the HMAC-SHA1 of a key and some data (raw strings)
229 */
231 {
237 {
240 }
244 }
246 /*
247 * Convert a raw string to a hex string
248 */
250 {
256 {
260 }
262 }
264 /*
265 * Convert a raw string to a base-64 string
266 */
268 {
274 {
279 {
282 }
283 }
285 }
287 /*
288 * Convert a raw string to an arbitrary string encoding
289 */
291 {
296 /* Convert to an array of 16-bit big-endian values, forming the dividend */
299 {
301 }
303 /*
304 * Repeatedly perform a long division. The binary array forms the dividend,
305 * the length of the encoding is the divisor. Once computed, the quotient
306 * forms the dividend for the next step. We stop when the dividend is zero.
307 * All remainders are stored for later use.
308 */
310 {
314 {
320 }
323 }
325 /* Convert the remainders to the output string */
330 /* Append leading zero equivalents */
337 }
339 /*
340 * Encode a string as utf-8.
341 * For efficiency, this assumes the input is valid utf-16.
342 */
344 {
350 {
351 /* Decode utf-16 surrogate pairs */
355 {
357 i++;
358 }
360 /* Encode output as utf-8 */
375 }
377 }
379 /*
380 * Encode a string as utf-16
381 */
383 {
389 }
392 {
398 }
400 /*
401 * Convert a raw string to an array of big-endian words
402 * Characters >255 have their high-byte silently ignored.
403 */
405 {
412 }
414 /*
415 * Convert an array of big-endian words to a string
416 */
418 {
423 }
425 /*
426 * Calculate the SHA-1 of an array of big-endian words, and a bit length
427 */
429 {
430 /* append padding */
442 {
450 {
460 }
467 }
470 }
472 /*
473 * Perform the appropriate triplet combination function for the current
474 * iteration
475 */
477 {
482 }
484 /*
485 * Determine the appropriate additive constant for the current iteration
486 */
488 {
491 }
493 /*
494 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
495 * to work around bugs in some JS interpreters.
496 */
498 {
502 }
504 /*
505 * Bitwise rotate a 32-bit number to the left.
506 */
508 {
510 }
511 </script>
512 </head>
513 <body>
517 <p align=CENTER>Logged in from <script type="text/ssperl" CGI='$LOGINIPADDRESS="" $LOGINPATH=""'>"$LOGINIPADDRESS $LOGINPATH"</script></p>
522 </form>
523 </p>
526 <A NAME="SESSIONTICKETS"><H2 ALIGN="CENTER">SERVER SIDE SESSIONS AND ACCESS CONTROL (LOGIN)</H2></A>
527 <p>
528 An infrastructure for user acount authorization and file access control
529 is available. Each request is matched against a list of URL path patterns.
530 If the request matches, a Session Ticket is required to access the URL.
531 This Session Ticket should be present as a CGI parameter or Cookie:
532 </p>
533 <p>
536 <p>
537 The example implementation stores Session Tickets as files in a local
538 directory. To create Session Tickets, a Login request must be given
540 password. The user name and (singly hashed) password are stored in a
541 PASSWORD ticket with the same name as the user account (name cleaned up
542 for security).
543 </p>
544 <p>
545 The example session model implements 3 functions:
546 <ol>
548 The password is hashed with the user name and server side salt, and then
549 hashed with a Random salt. Client and Server both perform these actions and the
550 Server only grants access if restults are the same. The server side only
551 stores the password hashed with the user name and
552 server side salt. Neither the plain password, nor the hashed password is
553 ever exchanged. Only values hashed with the one-time salt are exchanged.
554 </li>
556 For every access to a restricted URL, the Session Ticket is checked before
557 access is granted. There are three session modes. The first uses a fixed
558 Session Ticket that is stored as a cookie value in the browser (actually,
559 as a sessionStorage value). The second uses only the IP address at login
560 to authenticate requests. The third
561 is a Challenge mode, where the client has to calculate the value of the
562 one-time Session Ticket from a value derived from the password and
563 a random string.
564 </li>
566 A new password is hashed with the user name and server side salt, and
567 then encrypted (XORed)
568 with the old password hashed with the user name and salt. That value is
569 exchanged and XORed with the stored old hashed(salt+password+username).
570 Again, the stored password value is never exchanged unencrypted.
571 </li>
572 </ol>
573 </p>
575 <p>
576 The session authentication mechanism is based on the exchange of ticket
577 identifiers. A ticket identifier is just a string of characters, a name
578 or a random 40 character hexadecimal string. Ticket identifiers should be
579 "safe" filenames (except user names). There are four types of tickets:
580 <ul>
584 <li>IPADDRESS: authetication tokens that allow access based on the IP address of the request</li>
586 </ul>
587 All tickets can have an expiration date in the form of a time duration
589 An absolute time can be given in seconds since the epoch of the server host.
590 </p>
591 <p>
592 A Login page should create a LOGIN ticket file locally and send a
593 server specific SALT, a Random salt, and a LOGIN ticket
594 identifier. The server side compares the username and hashed password,
595 actually hashed(Random salt+hashed(SALT+password)) from the client with
596 the values it calculates from the stored Random salt from the LOGIN
597 ticket and the hashed(SALT+password) from the PASSWORD ticket. If
598 successful, a new SESSION ticket is generated as a hash sum of the LOGIN
599 ticket and the stored password. This SESSION ticket should also be
600 generated by the client and stored as sessionStorage and cookie values
601 as needed. The Username, IP address and Path are available as
602 $LoginUsername, $LoginIPaddress, and $LoginPath, respectively.
603 </p>
604 <p>
605 In the current example implementation, all random values are created as
607 /dev/urandom.
608 </p>
611 <p>
612 For strong security, please use end-to-end encryption. This can be
613 achieved using a VPN (Virtual Private Network), SSH tunnel, or a HTTPS
614 capable server with OpenSSL. The session ticket system of CGIscriptor.pl
615 is intended to be used as a simple authentication mechanism WITHOUT
616 END-TO-END ENCRYPTION. The authenticating mechanism tries to use some
617 simple means to protect the authentication process from eavesdropping.
618 For this it uses a secure hash function, SHA1. For all practial purposes,
619 it is impossible to "decrypt" a SHA1 sum. But this login scheme is
620 only as secure as your browser. Which, in general, is not secure.
621 </p>
622 <p>
623 Humans tend to reuse passwords. A compromise of a site running
624 CGIscriptor.pl could therefore lead to a compromise of user accounts at
625 other sites. Therefore, plain text passwords are never stored, used, or
626 even exchanged. Instead, a server site SALT value is "encrypted" with
627 the plain password and user name, actually, all are concatenated and hashed
628 with a one-way secure hash function (SHA1) into a single string.
629 Whenever the word "password" is used, this hash sum is meant.
630 </p>
631 <p>
632 For the authentication and a change of password, the (old) password
633 is used to "encrypt" a random one-time token or the new password,
634 respectively. For authentication, decryption is not needed, so a secure
635 hash function (SHA1) is used to create a one-way hash sum "encryption".
636 A new password must be decrypted. New passwords are encryped by XORing
637 them with the old password.
638 </p>
642 </body>
643 </html>