[%
    # Setup for the password-strength report: read the stored assessment from
    # the session, then remove it from the session.
    # NOTE(review): nothing here checks that the session entry exists; if it
    # is missing, the markup below appears to render with empty values - confirm.

    # presumably read by the page wrapper to render this component without the
    # full site layout - confirm against the wrapper template
    content_only = 1;
    # the assessment stored under the 'password_strength' session key
    passwd_check = c.session.param('password_strength'); # INCLUDE dumper.tt dump = passwd_check;
    # detail fields (length, guess estimates, crack times) used by the markup below
    results = passwd_check.results; # INCLUDE dumper.tt dump = results;
    # c.debug("==== deleting session.password_strength ====");
    # Clear the entry once it has been read, so this description of the user's
    # password (length, guess estimates) is not left in the session after the
    # render. The return value is assigned to a throwaway variable because a
    # bare call would be printed into the page.
    suppress_output = c.session.clear('password_strength'); # or it prints to screen
%]
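[%#
    Password-strength report component.

    Uses passwd_check and results (read from the 'password_strength' session
    entry earlier in this template) to render a one-line summary plus a
    toggleable detail section: password length, estimated number of guesses,
    estimated crack times, and any feedback warning / suggestions. A link to
    the change-password page is shown when the score is below 3.

    NOTE(review): every value below is emitted without an html filter. That
    is safe only if the checker's strings can never carry user-derived text
    or markup - confirm, and add "| html" to the affected directives if not.
    The guess-count branch that emits the sup element itself must stay
    unfiltered.

    NOTE(review): this report describes the account's current password; make
    sure it is only ever rendered to the authenticated owner - cannot be
    verified from this template.
-%]
<!-- BEGIN [% component.name %] -->
<div class="password_check">
    [%  # Map the numeric score to a CSS class for the summary text:
        # below 2 -> 'error', below 3 -> 'warning', otherwise 'info'.
        score = passwd_check.score;
        class = score < 2
        ? 'error'
        : score < 3
            ? 'warning'
            : 'info';
    %]
    <p>
        <strong>Password strength assessment:</strong>
        <span class="[% class %]">[% results.strength_summary %]</span>
        [% # div_name is set before the include and reused as the id of the detail div below
           div_name = 'report'; INCLUDE site/snippets/toggleview.tt %]
    </p>
    <div class="itemhidden" id="[% div_name %]">
        <div>
            <div>Password length: [% results.password_length %] characters</div>
            <div>Estimated number of guesses to crack: [%
                # Counts under 100 are shown as a vague phrase rather than the exact number.
                IF results.guesses_int < 100; 'not many'; # possible security risk in displaying it ?
                ELSIF results.guesses_int < 1000000; results.guesses_int; # < 1 million: exact integer
                ELSIF results.guesses_int < 1000000000; results.guesses_num2en; # < 1 billion (presumably the count in words - confirm)
                ELSE; USE Math; '10<sup>'; Math.int(results.guesses_log10); '</sup>'; # larger: power of ten, exponent truncated
                END %]
            </div>
        </div>
        <p class="spacer"></p>
        <div>Estimated crack-times:</div>
        [% ct = results.estimated_crack_times %]
        <div class="indent">
          <div>
            Online attack (10/sec): <strong>[% ct.online.unthrottled %]</strong>
          </div>
          [%# NOTE: the directive inside the HTML comment below is still evaluated by
              the template engine, so the rate-limited figure is sent in the page
              source even though browsers do not display it. %]
          <!--
          <div class="indent">Online attack, rate-limited (100/hr):
            <strong>[% ct.online.rate_limited %]</strong></div>
          -->
          <div>
            <!-- slow-hash eg bcrypt, scrypt, PBKDF2 -->
            Offline attack against strongly encrypted passwords (10 thousand/sec):
            <strong>[% ct.offline.slow_hash %]</strong>
          </div>
          <div>
            <!-- fast-hash eg SHA-1, SHA-256 or MD5 -->
            Offline attack against weakly encrypted passwords (10 billion/sec):
            <strong>[% ct.offline.fast_hash %]</strong>
          </div>
          [% # the rate-limited online estimate (ct.online.rate_limited) is also available but not displayed %]
        </div>
        [% IF passwd_check.feedback.warning # str %]
          <p class="spacer"></p>
          <div>Warning:</div>
          [%# fixed: the opening tag previously read class="indent"div, leaving a stray attribute %]
          <div class="indent">[% passwd_check.feedback.warning %]</div>
        [% END %]
        [% IF passwd_check.feedback.suggestions.size # array %]
          <p class="spacer"></p>
          <div>Suggestions:</div>
          [% FOREACH i IN passwd_check.feedback.suggestions %]
              <div class="indent">[% i %]</div>
          [% END %]
        [% END %]
        [% # same threshold as the 'info' class above: only scores of 3 or more skip the recommendation
           IF passwd_check.score < 3 %]
            <p class="spacer"></p>
            <div>Recommendation:
                <a href="[% app_url %]/user/change_password">CHANGE YOUR PASSWORD</a>
            </div>
        [% END %]
    </div>
</div>
<!-- END [% component.name %] -->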