diff --git a/src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java b/src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java
index eb9bd11e4..15d0f16da 100644
--- a/src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java
+++ b/src/main/java/org/owasp/webgoat/lessons/PasswordStrength.java
@@ -59,153 +59,154 @@ import org.owasp.webgoat.session.WebSession;
 public class PasswordStrength extends LessonAdapter {
- private Map passwords = new TreeMap() {{
- put("pass1", new Password("123456", "seconds", "0", "dictionary based, in top 10 most used passwords"));
- put("pass2", new Password("abzfezd", "seconds", "2", "26 chars on 7 positions, 8 billion possible combinations"));
- put("pass3", new Password("a9z1ezd", "seconds", "19", "26 + 10 chars on 7 positions = 78 billion possible combinations"));
- put("pass4", new Password("aB8fEzDq", "hours", "15", "26 + 26 + 10 chars on 8 positions = 218 trillion possible combinations"));
- put("pass5", new Password("z8!E?7D$", "days", "20", "96 chars on 8 positions = 66 quintillion possible combinations"));
- put("pass6", new Password("My 1st Password!: Redd", "septillion years", "322", "96 chars on 22 positions = 40 tredecillion possible combinations"));
- }};
-
- private class Password {
-
- String password;
- String timeUnit;
- String answer;
- private String explanation;
-
- public Password(String password, String timeUnit, String answer, String explanation) {
- this.password = password;
- this.timeUnit = timeUnit;
- this.answer = answer;
- this.explanation = explanation;
- }
- }
-
- private boolean checkSolution(WebSession s) throws ParameterNotFoundException {
- boolean allCorrect = true;
- for ( int i = 1; i <= passwords.size(); i++ ) {
- String key = "pass" + i;
- allCorrect = allCorrect && s.getParser().getStringParameter(key, "").equals(passwords.get(key).answer);
- }
- return allCorrect;
- }
+ private Map passwords = new TreeMap() {{
+ put("pass1", new Password("123456", "seconds", "0", "dictionary based, in top 10 most used passwords"));
+ put("pass2", new Password("abzfezd", "seconds", "2", "26 chars on 7 positions, 8 billion possible combinations"));
+ put("pass3", new Password("a9z1ezd", "seconds", "19", "26 + 10 chars on 7 positions = 78 billion possible combinations"));
+ put("pass4", new Password("aB8fEzDq", "hours", "15", "26 + 26 + 10 chars on 8 positions = 218 trillion possible combinations"));
+ put("pass5", new Password("z8!E?7D$", "days", "20", "96 chars on 8 positions = 66 quintillion possible combinations"));
+ put("pass6", new Password("My1stPassword!:Redd", "quintillion years", "364", "96 chars on 19 positions = 46 undecillion possible combinations"));
+ }};
+
+ private class Password {
+
+ String password;
+ String timeUnit;
+ String answer;
+ private String explanation;
+
+ public Password(String password, String timeUnit, String answer, String explanation) {
+ this.password = password;
+ this.timeUnit = timeUnit;
+ this.answer = answer;
+ this.explanation = explanation;
+ }
+ }
+
+ private boolean checkSolution(WebSession s) throws ParameterNotFoundException {
+ boolean allCorrect = true;
+ for ( int i = 1; i <= passwords.size(); i++ ) {
+ String key = "pass" + i;
+ allCorrect = allCorrect && s.getParser().getStringParameter(key, "").equals(passwords.get(key).answer);
+ }
+ return allCorrect;
+ }
- /**
- * Description of the Method
- *
- * @param s
- * Description of the Parameter
- * @return Description of the Return Value
- */
- protected Element createContent(WebSession s)
- {
- ElementContainer ec = new ElementContainer();
+ /**
+ * Description of the Method
+ *
+ * @param s
+ * Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element createContent(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
- try
- {
- if (checkSolution(s))
- {
- makeSuccess(s);
- ec.addElement(new BR());
- ec.addElement(new StringElement("As a guideline not bound to a single solution."));
- ec.addElement(new BR());
- ec.addElement(new StringElement("Assuming the calculations per second 4 billion: "));
- ec.addElement(new BR());
- OL ol = new OL();
- for ( Password password : passwords.values()) {
- ol.addElement(new LI(String.format("%s - %s %s (%s)", password.password, password.answer, password.timeUnit, password.explanation)));
- }
- ec.addElement(ol);
- } else
- {
- ec.addElement(new BR());
- ec.addElement(new StringElement("How much time would a desktop PC take to crack these passwords?"));
- ec.addElement(new BR());
- ec.addElement(new BR());
- Table table = new Table();
- for ( Entry entry : passwords.entrySet()) {
- TR tr = new TR();
- TD td1 = new TD();
- TD td2 = new TD();
- Input input1 = new Input(Input.TEXT, entry.getKey(), "");
- td1.addElement(new StringElement("Password = " + entry.getValue().password));
- td2.addElement(input1);
- td2.addElement(new StringElement(" " + entry.getValue().timeUnit));
- tr.addElement(td1);
- tr.addElement(td2);
- table.addElement(tr);
- }
- ec.addElement(table);
- ec.addElement(new BR());
- ec.addElement(new BR());
- Div div = new Div();
- div.addAttribute("align", "center");
- Element b = ECSFactory.makeButton("Go!");
- div.addElement(b);
- ec.addElement(div);
- }
- } catch (Exception e)
- {
- s.setMessage("Error generating " + this.getClass().getName());
- e.printStackTrace();
- }
+ try
+ {
+ if (checkSolution(s))
+ {
+ makeSuccess(s);
+ ec.addElement(new BR());
+ ec.addElement(new StringElement("As a guideline not bound to a single solution."));
+ ec.addElement(new BR());
+ ec.addElement(new StringElement("Assuming the calculations per second 4 billion: "));
+ ec.addElement(new BR());
+ OL ol = new OL();
+ for ( Password password : passwords.values()) {
+ ol.addElement(new LI(String.format("%s - %s %s (%s)", password.password, password.answer, password.timeUnit, password.explanation)));
+ }
+ ec.addElement(ol);
+ } else
+ {
+ ec.addElement(new BR());
+ ec.addElement(new StringElement("How much time would a desktop PC take to crack these passwords?"));
+ ec.addElement(new BR());
+ ec.addElement(new BR());
+ Table table = new Table();
+ for ( Entry entry : passwords.entrySet()) {
+ TR tr = new TR();
+ TD td1 = new TD();
+ TD td2 = new TD();
+ Input input1 = new Input(Input.TEXT, entry.getKey(), "");
+ td1.addElement(new StringElement("Password = " + entry.getValue().password));
+ td1.setWidth("50%");
+ td2.addElement(input1);
+ td2.addElement(new StringElement(" " + entry.getValue().timeUnit));
+ tr.addElement(td1);
+ tr.addElement(td2);
+ table.addElement(tr);
+ }
+ ec.addElement(table);
+ ec.addElement(new BR());
+ ec.addElement(new BR());
+ Div div = new Div();
+ div.addAttribute("align", "center");
+ Element b = ECSFactory.makeButton("Go!");
+ div.addElement(b);
+ ec.addElement(div);
+ }
+ } catch (Exception e)
+ {
+ s.setMessage("Error generating " + this.getClass().getName());
+ e.printStackTrace();
+ }
- return (ec);
- }
+ return (ec);
+ }
- /**
- * Gets the hints attribute of the HelloScreen object
- *
- * @return The hints value
- */
- public List getHints(WebSession s)
- {
- List hints = new ArrayList();
- hints.add("Copy the passwords into the code checker.");
- return hints;
- }
+ /**
+ * Gets the hints attribute of the HelloScreen object
+ *
+ * @return The hints value
+ */
+ public List getHints(WebSession s)
+ {
+ List hints = new ArrayList();
+ hints.add("Copy the passwords into the code checker.");
+ return hints;
+ }
- /**
- * Gets the ranking attribute of the HelloScreen object
- *
- * @return The ranking value
- */
- private final static Integer DEFAULT_RANKING = new Integer(6);
+ /**
+ * Gets the ranking attribute of the HelloScreen object
+ *
+ * @return The ranking value
+ */
+ private final static Integer DEFAULT_RANKING = new Integer(6);
- protected Integer getDefaultRanking()
- {
- return DEFAULT_RANKING;
- }
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
- protected Category getDefaultCategory()
- {
- return Category.AUTHENTICATION;
- }
+ protected Category getDefaultCategory()
+ {
+ return Category.AUTHENTICATION;
+ }
- public String getInstructions(WebSession s)
- {
- String instructions = "The accounts of your web application are only as save as the passwords. 
"
- + "For this exercise, your job is to test several passwords on https://howsecureismypassword.net. "
- + " You must test all 6 passwords at the same time...
"
- + " On your applications you should set good password requirements! ";
- return (instructions);
- }
+ public String getInstructions(WebSession s)
+ {
+ String instructions = "The accounts of your web application are only as save as the passwords. "
+ + "For this exercise, your job is to test several passwords on https://howsecureismypassword.net. "
+ + " You must test all 6 passwords at the same time...
"
+ + " On your applications you should set good password requirements! ";
+ return (instructions);
+ }
- /**
- * Gets the title attribute of the HelloScreen object
- *
- * @return The title value
- */
- public String getTitle()
- {
- return ("Password Strength");
- }
+ /**
+ * Gets the title attribute of the HelloScreen object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return ("Password Strength");
+ }
- public Element getCredits()
- {
- return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement(""));
- }
+ public Element getCredits()
+ {
+ return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement(""));
+ }
 }
diff --git a/src/main/webapp/lesson_solutions_1/PasswordStrength.html b/src/main/webapp/lesson_solutions_1/PasswordStrength.html
index 7533373f6..39f816477 100644
--- a/src/main/webapp/lesson_solutions_1/PasswordStrength.html
+++ b/src/main/webapp/lesson_solutions_1/PasswordStrength.html
@@ -31,7 +31,7 @@ Password = abzfezd: 2 seconds
Password = a9z1ezd: 19 seconds
Password = aB8fEzDq: 15 hours
Password = z8!E?7: 20 days
-Password = My 1st Password!: Redd: 322 septillion years
+Password = My1stPassword!:Redd: 364 quintillion years



\ No newline at end of file