|
2 | 2 | {# Copyright The IETF Trust 2015, All Rights Reserved #} |
3 | 3 | {% load origin %} |
4 | 4 |
|
| 5 | + |
5 | 6 | {% load bootstrap3 %} |
6 | 7 | {% load staticfiles %} |
7 | 8 |
|
@@ -40,18 +41,34 @@ <h1>Change password</h1> |
40 | 41 | This password form uses the |
41 | 42 | <a href="https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/">zxcvbn</a> |
42 | 43 | password strength estimator to give an indication of password strength. |
43 | | - The crack times given assume online attack without rate limiting, |
44 | | - at a rate of 10 attempts per second. |
| 44 | + The crack time estimage given above assume online attack without rate |
| 45 | + limiting, at a rate of 10 attempts per second. |
45 | 46 | </div> |
46 | 47 |
|
| 48 | + <h4>Offline cracking</h4> |
47 | 49 | <div class="help-block"> |
48 | | - The datatracker currently uses a <b>{{ hasher.algorithm }}</b>-based |
| 50 | + The datatracker currently uses the <b>{{ hasher.algorithm }}</b> |
49 | 51 | password hasher with |
50 | | - <b>{% if hasher.iterations %}{{ hasher.iterations }} iterations{% else %}{{ hasher.rounds }} rounds{% endif %}</b>. |
51 | | - Calculating offline attack time if password hashes would leak is left |
| 52 | + <b> |
| 53 | + {% if hasher.iterations %} |
| 54 | + {{ hasher.iterations }} iterations |
| 55 | + {% elif hasher.rounds %} |
| 56 | + {{ hasher.rounds }} rounds |
| 57 | + {% elif hasher.time_cost and hasher.memory_cost and hasher.parallelism %} |
| 58 | + time cost {{ hasher.time_cost }}, memory cost {{ hasher.memory_cost }} |
| 59 | + and parallelism {{ hasher.parallelism }} |
| 60 | + {% endif %} |
| 61 | + </b>. |
| 62 | + Calculating offline attack time if password hashes should leak is left |
52 | 63 | as an excercise for the reader. |
53 | 64 | </div> |
54 | | - |
| 65 | + <div class="help-block"> |
| 66 | + <p class="text-muted password_strength_offline_info hidden"> |
| 67 | + As a guideline, if we assume offline hashing using the current hasher |
| 68 | + at a speed of 10<sup>4</sup> attempts per second, this password would |
| 69 | + take <b><em class="password_strength_time"></em></b> to crack. |
| 70 | + </p> |
| 71 | + </div> |
55 | 72 | </div> |
56 | 73 | <div class="col-md-2 col-sm-0"></div> |
57 | 74 | </div> |
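Review bot: The `{% if %}` / `{% elif %}` chain inside `<b>` has no `{% else %}` branch, so a hasher that exposes none of `iterations`, `rounds`, or all three of `time_cost`, `memory_cost` and `parallelism` renders the sentence as "password hasher with ." around an empty bold element. Add a fallback branch, or move the whole "with ..." clause inside the conditional. In the new offline paragraph, the rate of 10<sup>4</sup> attempts per second is a fixed literal even though the text says "using the current hasher". It does not change with the iteration count or cost parameters shown just above, so either derive it from those values or word it as an assumed rate. Wording: "estimage given above assume" should read "estimate given above assumes", and "excercise" in the retained context line is still misspelled.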
|