warn about short password + nudge towards strong password

README.md

@@ -2,7 +2,7 @@
 
 # StatiCrypt
 
-StatiCrypt uses AES-256 to encrypt your HTML file with your passphrase and return a static page including a password prompt and the javascript decryption logic that you can safely upload anywhere (see [what the page looks like](https://robinmoisson.github.io/staticrypt/example/example_encrypted.html)).
+StatiCrypt uses AES-256 to encrypt your HTML file with your long password and return a static page including a password prompt and the javascript decryption logic that you can safely upload anywhere (see [what the page looks like](https://robinmoisson.github.io/staticrypt/example/example_encrypted.html)).
 
 This means you can **password protect the content of your _public_ static HTML file, without any back-end** - serving it over Netlify, GitHub pages, etc. (see the detail of [how it works](#how-staticrypt-works)).
 
@@ -27,13 +27,13 @@ You can then run it with `npx staticrypt ...`. You can also install globally wit
 **Encrypt a file:** Encrypt `test.html` and create a `test_encrypted.html` file (add `-o my_encrypted_file.html` to change the name of the output file):
 
 ```bash
-staticrypt test.html MY_PASSPHRASE
+staticrypt test.html MY_LONG_PASSWORD
 ```
 
-**Encrypt a file with the passphrase in an environment variable:** set your passphrase in the `STATICRYPT_PASSWORD` environment variable ([`.env` files](https://www.npmjs.com/package/dotenv#usage) are supported):
+**Encrypt a file with the password in an environment variable:** set your long password in the `STATICRYPT_PASSWORD` environment variable ([`.env` files](https://www.npmjs.com/package/dotenv#usage) are supported):
 
 ```bash
-# the passphrase is in the STATICRYPT_PASSWORD env variable
+# the password is in the STATICRYPT_PASSWORD env variable
 staticrypt test.html
 ```
 
@@ -41,25 +41,25 @@ staticrypt test.html
 
 ```bash
 # you can also pass '--share' without specifying the URL to get the `?staticrypt_pwd=...` 
-staticrypt test.html MY_PASSPHRASE --share https://example.com/test_encrypted.html
+staticrypt test.html MY_LONG_PASSWORD --share https://example.com/test_encrypted.html
 # => https://example.com/test_encrypted.html?staticrypt_pwd=5bfbf1343c7257cd7be23ecd74bb37fa2c76d041042654f358b6255baeab898f
 ```
 
 **Encrypt all html files in a directory** and replace them with encrypted versions (`{}` will be replaced with each file name by the `find` command - if you wanted to move the encrypted files to an `encrypted/` directory, you could use `-o encrypted/{}`):
 
 ```bash
-find . -type f -name "*.html" -exec staticrypt {} MY_PASSPHRASE -o {} \;
+find . -type f -name "*.html" -exec staticrypt {} MY_LONG_PASSWORD -o {} \;
 ```
 
 **Encrypt all html files in a directory except** the ones ending in `_encrypted.html`:
 
 ```bash
-find . -type f -name "*.html" -not -name "*_encrypted.html" -exec staticrypt {} MY_PASSPHRASE \;
+find . -type f -name "*.html" -not -name "*_encrypted.html" -exec staticrypt {} MY_LONG_PASSWORD \;
 ```
 
 ### CLI Reference
 
-The passphrase argument is optional if `STATICRYPT_PASSWORD` is set in the environment or `.env` file.
+The password argument is optional if `STATICRYPT_PASSWORD` is set in the environment or `.env` file.
 
     Usage: staticrypt <filename> [<passphrase>] [options]
 
@@ -119,9 +119,11 @@ So it basically encrypts your page and puts everything in a user-friendly way to
 
 ### Is it secure?
 
-Simple answer: your file content has been encrypted with AES-256 (CBC), a popular and strong encryption algorithm, you can now upload it in any public place and no one will be able to read it without the password. So yes, if you used a good password it should be pretty secure.
+Simple answer: your file content has been encrypted with AES-256 (CBC), a popular and strong encryption algorithm, you can now upload it in any public place and no one will be able to read it without the password. So if you used a long, strong password, then yes it should be pretty secure.
 
-That being said, actual security always depends on a number of factors and on the threat model you want to protect against. Because your full encrypted file is accessible client side, brute-force/dictionary attacks would be trivial to do at a really fast pace: **use a long, unusual password**. You can read a discussion on CBC mode and how appropriate it is in the context of StatiCrypt in [#19](https://github.com/robinmoisson/staticrypt/issues/19).
+That being said, actual security always depends on a number of factors and on the threat model you want to protect against. Because your full encrypted file is accessible client side, brute-force/dictionary attacks would be easy to do at a really fast pace: **use a long, unusual password**. We recommend 16+ alphanum characters, [Bitwarden](https://bitwarden.com/) is a great open-source password manager if you don't have one already. 
+
+On the technical aspects: we use AES in CBC mode (see a discussion on why it's appropriate for StatiCrypt in [#19](https://github.com/robinmoisson/staticrypt/issues/19)) and 15k PBKDF2 iterations (it will be 600k when we'll switch to WebCrypto, read a detailed report on why these numbers in [#159](https://github.com/robinmoisson/staticrypt/issues/159)).
 
 **Also, disclaimer:** I am not a cryptographer - the concept is simple and I try my best to implement it correctly but please adjust accordingly: if you are an at-risk activist or have sensitive crypto data to protect, you might want to use something else.
 
@@ -149,9 +151,9 @@ The salt isn't secret, so you don't need to worry about hiding the config file.
 
 ### How does the "Remember me" checkbox work?
 
-The CLI will add a "Remember me" checkbox on the password prompt by default (`--noremember` to disable). If the user checks it, the (salted + hashed) passphrase will be stored in their browser's localStorage and the page will attempt to auto-decrypt when they come back.
+The CLI will add a "Remember me" checkbox on the password prompt by default (`--noremember` to disable). If the user checks it, the (salted + hashed) password will be stored in their browser's localStorage and the page will attempt to auto-decrypt when they come back.
 
-If no value is provided the stored passphrase doesn't expire, you can also give it a value in days for how long should the store value be kept with `-r NUMBER_OF_DAYS`. If the user reconnects to the page after the expiration date the stored value will be cleared.
+If no value is provided the stored password doesn't expire, you can also give it a value in days for how long should the store value be kept with `-r NUMBER_OF_DAYS`. If the user reconnects to the page after the expiration date the stored value will be cleared.
 
 #### "Logging out"
 
@@ -163,14 +165,14 @@ This allows encrypting multiple page on a single domain with the same password:
 
 #### Is the "Remember me" checkbox secure?
 
-In case the value stored in the browser becomes compromised an attacker can decrypt the page, but because it's stored salted and hashed this should still protect against password reuse attacks if you've used the passphrase on other websites (of course, please use a unique passphrase nonetheless).
+In case the value stored in the browser becomes compromised an attacker can decrypt the page, but because it's stored salted and hashed this should still protect against password reuse attacks if you've used the password on other websites (of course, please use a long, unique password nonetheless).
 
 ## Contributing
 
 ### 🙏 Thank you!
 
 - [@AaronCoplan](https://github.com/AaronCoplan) for bringing the CLI to life
-- [@epicfaace](https://github.com/epicfaace) & [@thomasmarr](https://github.com/thomasmarr) for sparking the caching of the passphrase in localStorage (allowing the "Remember me" checkbox)
+- [@epicfaace](https://github.com/epicfaace) & [@thomasmarr](https://github.com/thomasmarr) for sparking the caching of the password in localStorage (allowing the "Remember me" checkbox)
 - [@hurrymaplelad](https://github.com/hurrymaplelad) for refactoring a lot of the code and making the project much more pleasant to work with
 
 ### Opening PRs and issues

cli/helpers.js

@@ -196,7 +196,7 @@ function isCustomPasswordTemplateLegacy(templatePathParameter) {
 exports.isCustomPasswordTemplateLegacy = isCustomPasswordTemplateLegacy;
 
 function parseCommandLineArguments() {
-    return Yargs.usage("Usage: staticrypt <filename> [<passphrase>] [options]")
+    return Yargs.usage("Usage: staticrypt <filename> [<password>] [options]")
         .option("c", {
             alias: "config",
             type: "string",
@@ -218,7 +218,7 @@ function parseCommandLineArguments() {
         .option("f", {
             alias: "file-template",
             type: "string",
-            describe: "Path to custom HTML template with passphrase prompt.",
+            describe: "Path to custom HTML template with password prompt.",
             default: PASSWORD_TEMPLATE_DEFAULT_PATH,
         })
         .option("i", {
@@ -229,7 +229,7 @@ function parseCommandLineArguments() {
         })
         .option("label-error", {
             type: "string",
-            describe: "Error message to display on entering wrong passphrase.",
+            describe: "Error message to display on entering wrong password.",
             default: "Bad password!",
         })
         .option("noremember", {
@@ -245,14 +245,14 @@ function parseCommandLineArguments() {
         })
         .option("passphrase-placeholder", {
             type: "string",
-            describe: "Placeholder to use for the passphrase input.",
+            describe: "Placeholder to use for the password input.",
             default: "Password",
         })
         .option("r", {
             alias: "remember",
             type: "number",
             describe:
-                'Expiration in days of the "Remember me" checkbox that will save the (salted + hashed) passphrase ' +
+                'Expiration in days of the "Remember me" checkbox that will save the (salted + hashed) password ' +
                 'in localStorage when entered by the user. Default: "0", no expiration.',
             default: 0,
         })
@@ -279,6 +279,11 @@ function parseCommandLineArguments() {
                 + '"?staticrypt_pwd=<hashed_pwd>", or leave empty to display the hash to append.',
             type: "string",
         })
+        .option("short", {
+            describe: 'Hide the "short password" warning.',
+            type: "boolean",
+            default: false,
+        })
         .option("t", {
             alias: "title",
             type: "string",

cli/index.js

@@ -13,7 +13,7 @@ const cryptoEngine = require("../lib/cryptoEngine/cryptojsEngine");
 const codec = require("../lib/codec");
 const { convertCommonJSToBrowserJS, exitEarly, isOptionSetByUser, genFile, getPassword, getFileContent, getSalt} = require("./helpers");
 const { isCustomPasswordTemplateLegacy, parseCommandLineArguments} = require("./helpers.js");
-const { generateRandomSalt } = cryptoEngine;
+const { generateRandomSalt, generateRandomString } = cryptoEngine;
 const { encode } = codec.init(cryptoEngine);
 
 const SCRIPT_URL =
@@ -44,6 +44,16 @@ if (positionalArguments.length > 2 || positionalArguments.length === 0) {
 const inputFilepath = positionalArguments[0].toString(),
   password = getPassword(positionalArguments);
 
+if (password.length < 16 && !namedArgs.short) {
+  console.log(
+      `WARNING: Your password is less than 16 characters (length: ${password.length}). Brute-force attacks are easy to `
+      + `try on public files, and you are most safe when using a long password. You can hide this warning by increasing `
+      + `the length or adding the '--short' flag.\n`
+      + `Here's a strong generated password you could use: `
+      + generateRandomString(21)
+  )
+}
+
 // get config file
 const isUsingconfigFile = namedArgs.config.toLowerCase() !== "false";
 const configPath = "./" + namedArgs.config;

lib/cryptoEngine/cryptojsEngine.js

@@ -83,7 +83,7 @@ exports.hashLegacyRound = hashLegacyRound;
 function hashSecondRound(hashedPassphrase, salt) {
   return CryptoJS.PBKDF2(hashedPassphrase, salt, {
     keySize: 256 / 32,
-    iterations: 50000,
+    iterations: 14000,
     hasher: CryptoJS.algo.SHA256,
   }).toString();
 }
@@ -94,6 +94,43 @@ function generateRandomSalt() {
 }
 exports.generateRandomSalt = generateRandomSalt;
 
+function getRandomAlphanum() {
+    var possibleCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+
+    var byteArray;
+    var parsedInt;
+
+    // Keep generating new random bytes until we get a value that falls
+    // within a range that can be evenly divided by possibleCharacters.length
+    do {
+        byteArray = CryptoJS.lib.WordArray.random(1);
+        // extract the lowest byte to get an int from 0 to 255 (probably unnecessary, since we're only generating 1 byte)
+        parsedInt = byteArray.words[0] & 0xff;
+    } while (parsedInt >= 256 - (256 % possibleCharacters.length));
+
+    // Take the modulo of the parsed integer to get a random number between 0 and totalLength - 1
+    var randomIndex = parsedInt % possibleCharacters.length;
+
+    return possibleCharacters[randomIndex];
+}
+
+/**
+ * Generate a random string of a given length.
+ *
+ * @param {int} length
+ * @returns {string}
+ */
+function generateRandomString(length) {
+    var randomString = '';
+
+    for (var i = 0; i < length; i++) {
+      randomString += getRandomAlphanum();
+    }
+
+    return randomString;
+}
+exports.generateRandomString = generateRandomString;
+
 function signMessage(hashedPassphrase, message) {
   return CryptoJS.HmacSHA256(
     message,