@tracker1
tracker1 / Password References.md
Created Apr 19, 2021 — forked from technion/Password References.md
A set of references on modern password policies
View Password References.md

References on modern password policies

The links below provide the source, a reference link and a relevant quote.

Standards

NIST

https://github.com/usnistgov/800-63-3/blob/nist-pages/sp800-63b/sec5_authenticators.md

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

Major organisations

View hash-passphrase.js
import util from 'util';
import crypto from 'crypto';
const HASH_ALGO = 'sha512';
// nist recommends 10000, 10x nist, approx 83ms on i7-8650U
const HASH_ITERATIONS = 100000;
const HASH_SALT_BYTES = 16; // Exceeds NIST Minimum 32/8 (4 bytes)
const HASH_BYTES = 64; // Match hash algorithm length in bytes (512 / 8)
View sanitize-html-browser.js
function sanitizeHtml(input) {
if (typeof input !== 'string') return input;
if (input.indexOf('<') === -1) return input;
const div = document.createElement('div');
div.innerHTML = input;
div.querySelectorAll('script').forEach((el) => el.remove());
div.querySelectorAll('style').forEach((el) => el.remove());
div.querySelectorAll('*').forEach((el) => {
const events = el.getAttributeNames().filter((a) => a.indexOf('on') === 0);
@tracker1
tracker1 / text.dat.js
Created Jun 15, 2020
Synchronet Default text.dat as JavaScript
View text.dat.js
// save to (exec/mods)/text.dat.js - at the top of login/login/shell files, load('text.dat.js')
bbs.replace_text(/* MsgSubj */ 1, "\1n\1h\1c\xda\xc4\xc4\xc4\xc4\xc4\xc4\1n\xc4\xc4\xc4\xc4\xc4\xc4\1h\1k\xc4\xc4\xc4\xc4\xc4\xc4\xc4\1n\1c\xc4\xc4\xc4\xc4\xc4\xfa\xfa\xfa\xfa\r\n\1h\xb3 \1bSubj\1n\1b: \1h\1c%.70s");
bbs.replace_text(/* MsgAttr */ 2, "\r\n\xb3 \1bAttr\1n\1b: \1h\1c%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s");
bbs.replace_text(/* MsgTo */ 3, "\r\n\xb3 \1bTo \1n\1b: \1h\1c%.70s");
bbs.replace_text(/* MsgToExt */ 4, " #%s");
bbs.replace_text(/* MsgToNet */ 5, " (%.40s)");
bbs.replace_text(/* MsgFrom */ 6, "\r\n\1w\xb3 \1bFrom\1n\1b: \1h\1c%.33s");
bbs.replace_text(/* MsgFromExt */ 7, " #%s");
bbs.replace_text(/* MsgFromNet */ 8, " (%.35s)");
bbs.replace_text(/* MsgDate */ 9, "\r\n\1w\xb3 \1bDate\1n\1b: \1h\1c%.24s %s (%s)\r\n\1w\xc0\xc4\xc4\xc4\xc4\xc4\xc4\1c\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4\1n\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4\1h\1k\xc4\xc4\xc4\xc4\xc4\xc4\xc4\xc4\1n\1c\xc4\xc4\xc4\xc4\xc4\xc4\xc4\
View .eslintrc.js
module.exports = {
parser: 'babel-eslint',
extends: ['plugin:prettier/recommended', 'prettier/react'],
plugins: ['prettier', 'jest'],
parserOptions: {
sourceType: 'module',
ecmaVersion: 2020,
ecmaFeatures: {
jsx: true,
},
@tracker1
tracker1 / settings.json
Created May 6, 2020
vs code settings for synchronet /sbbs/.vscode/settings.json
View settings.json
{
"editor.rulers": [
76,
80
],
"editor.tabSize": 2,
"editor.renderControlCharacters": true,
"files.encoding": "cp437",
"files.associations": {
"*.ssjs": "javascript"
@tracker1
tracker1 / load-component-import.js
Created May 6, 2020
Code Splitting via lazy import with React
View load-component-import.js
/*
/feature/load-component-import.js
This is used by any async loading areas of the application
import load from '../load-component-import.js';
const FooComponentAsync = load(() => import('./FooComponent'));
*/
import React, { Suspense } from 'react';
@tracker1
tracker1 / precheck.js
Created Mar 28, 2020
Modern browser SPA precheck.js
View precheck.js
// precheck
try {
eval('(function() { async _ => _; })();');
if (typeof fetch !== 'function') throw new Error('No fetch api');
} catch (e) {
// render unsupported message in half a second - after error trap
window.setTimeout(function() {
// fallback render for development
var body = document.getElementsByTagName('body')[0];
body.className = 'message';
@tracker1
tracker1 / settings.json
Created Mar 21, 2020
/sbbs/.vscode/settings.json - Synchronet config for editing with VS Code.
View settings.json
{
"editor.rulers": [
76,
80
],
"editor.tabSize": 2,
"editor.renderControlCharacters": true,
"files.encoding": "cp437",
"files.associations": {
"*.ssjs": "javascript"
@tracker1
tracker1 / future.js
Last active Feb 3, 2020
Node Promise + EventEmitter
View future.js
module.exports = () => {
// break resolve and reject out of a promise
let resolve, reject;
const promise = new Promise((res, rej) => {
resolve = res;
reject = rej;
});
// return as a future
return {