Friday, February 27, 2015

HTML and Javascript Password App Working Environment

I am developing experimental hashing and encryption software as HTML/JavaScript apps.

One example is the passgen-min.html password generator, which generates passwords on the fly from site URLs and a key. That allows you to retrieve passwords without ever storing them.

A second app which is under development will be a simple page that returns previously encrypted passages (passwords) by typing in the key used to create them.

All apps are intended to be self-contained so no internet connection is needed to run them, and thus are less susceptible to hacking.

Files 

You can send all these via email and download at the receiver's end, and load the html file in a browser.

Main page and all you really need: passgen-min_1_8.html
To customize for easier use, sites and user ids can be defined in: private.js
Favicon: favicon.ico

File Locations

My primary work files are now in the Downloads/Password area (local to the Chromebook) and are edited and tested there.

Backups are made by zipping that directory and placing the zip file in the Google Drive/My Drive directory. Zipped files appear as separate drives in the Chromebook file app.

Develop on Chromebook

Edit and test on my Acer CB-111 Chromebook.

You need to edit the files in the Downloads directory and run them from there (by double-clicking the html file) so that JavaScript files referenced by src= attributes in <script> tags load correctly.

Double-click html files to bring them up in the browser for testing.

Right-click a file and choose to open it in the Caret editor to edit it.

Deploy on other devices by downloading html and opening in browser.

When testing is complete move the password directory back to My Drive.

Monday, February 23, 2015

Keeping Track of Javascript and HTML Files

VPS ocean1.zouck.org


Working Files in /home/henry/cgi


henry@ocean1:~$ tree cgi
cgi
├── enc-base64-min.js
├── hashlib.js
├── hashlibmin.js
├── passgen.html
├── passgen.html.ckpt
├── passgen-min_1_0.html
├── passgen-min_1_1.html
├── passgen-min.html
├── script.js
├── sha1.js
├── sha256.js
└── sjcl.js


Archiving Working Files to Dropbox


henry@ocean1:~$ tar cvf passgen.tar cgi
cgi/
cgi/passgen-min_1_1.html
cgi/sjcl.js
cgi/hashlibmin.js
cgi/passgen.html
cgi/hashlib.js
cgi/passgen.html.ckpt
cgi/passgen-min_1_0.html
cgi/passgen-min.html
cgi/sha1.js
cgi/enc-base64-min.js
cgi/script.js
cgi/sha256.js

henry@ocean1:~$ cp passgen.tar Dropbox/Password\ Stuff\ home/
henry@ocean1:~$


Apache Web Server Main Directory


henry@ocean1:~$ tree /var/www/html
/var/www/html
├── index.html -> /home/henry/cgi/passgen-min_1_0.html
├── index.html.bu
├── info.php
└── passgen-min_1_0.html -> /home/henry/cgi/passgen-min_1_0.html


Hashing to Create Passwords

An alternative to storing passwords in an encrypted password safe is generating them as needed by hashing some unique but openly known string like a web URL (“google.com”) catenated with a secret “master password”. That way only one master password is needed for any number of site passwords, which are each computed from the master password and the unique string.  Nothing secret is stored in a file, eliminating some vulnerabilities.

This idea is implemented in several currently available extensions and web sites, but I developed my own so I would know exactly what the code is doing and work around problems with the apps getting the URL wrong.

My web app is a single html file. It can be standalone, with all JavaScript library code embedded in the file as <script> elements containing minified JavaScript, or it can be configured to load external JavaScript files. The file can be stored anywhere a browser can access it.

The unique strings (URLs are convenient strings) are stored in the html file as a javascript 2-dimensional array (with URL and user id), and must be edited to add and remove sites.
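The derivation described above, as an added example that is not the passgen code: a plain hash of site string plus master password, beside a stretched variant (PBKDF2 salted with site and user id). The function names, the sample table, SHA-256 with base64 output, the 16-character length and the iteration count are assumptions, and it runs under Node.js rather than inside the html page.

```javascript
// Added example, not the passgen code. Runs under Node.js (built-in crypto only).
const nodeCrypto = require('node:crypto');

// Constructed sample table in the shape the post describes: [URL, user id].
const sites = [
  ['google.com', 'henry'],
  ['example.org', 'henry@example.org'],
];

// The scheme as the post describes it: hash(unique string + master password).
// SHA-256, base64 output and the 16-character cut are assumptions.
function plainHashPassword(site, master, length = 16) {
  const digest = nodeCrypto.createHash('sha256')
    .update(site + master, 'utf8')
    .digest('base64');
  return digest.slice(0, length);
}

// Stretched variant (an assumption, not from the post): PBKDF2 keyed by the
// master password and salted with site and user id. The "\n" separator keeps
// ("google.com", "xsecret") and ("google.comx", "secret") from producing the
// same input, which plain concatenation cannot do.
function stretchedPassword(site, user, master, length = 16, iterations = 200000) {
  const salt = Buffer.from(`${site}\n${user}`, 'utf8');
  const key = nodeCrypto.pbkdf2Sync(master, salt, iterations, 32, 'sha256');
  return key.toString('base64').slice(0, length);
}

// Derive both forms for every row of the table.
function deriveAll(master) {
  return sites.map(([site, user]) => ({
    site,
    user,
    plain: plainHashPassword(site, master),
    stretched: stretchedPassword(site, user, master),
  }));
}

// Constructed master password, for demonstration only.
console.table(deriveAll('constructed master password'));
```

Because the plain form is a single fast hash, one exposed site password lets master-password guesses be checked offline at full hashing speed; the stretched form raises the cost of each guess.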

Currently I store the html and supporting JavaScript files in Dropbox as a tar file (passgen.tar).

The self-contained html file is called passgen-min.html, while the other is passgen.html, and it requires the separate javascript files sha1.js, sha256.js and enc-base64-min.js.

Right now the web app can be accessed on my Digital Ocean VPS.

Usage



Any of the following ways can be used to run the web app:

If you are connected to the internet


Go to my web site ocean1.zouck.org on any browser.

If you are not connected (but can connect at least once)


Save the html file passgen-min.html to local storage on Android, then install the Open-in-browser app. Then, if you have saved the file in Downloads, you can simply click it and select open in browser.

On a Chromebook, save it in local storage, then double-click it in the file browser.


Figure 1. Screen Shot of Web App