From: Enar Väikene <enar@vaikene.net> Date: Thu, 21 Jul 2011 14:08:55 +0000 (+0300) Subject: Work started on the tutorial. X-Git-Url: https://www.vaikene.ee/gitweb/pswgen07.html?a=commitdiff_plain;h=1d2a1e80abac012e9755cd23b264e3e099ccc3f5;p=evaf Work started on the tutorial. --- diff --git a/www/evaf.css b/www/evaf.css index 88bf274..ad5f778 100644 --- a/www/evaf.css +++ b/www/evaf.css @@ -27,6 +27,9 @@ h2 { font-size: 150%; margin-left: 20px; } +h3, h4 { + margin-left: 20px; +} p { margin-left: 1.5em; margin-right: 0.5em; diff --git a/www/index.html b/www/index.html index d407dff..bb4b222 100644 --- a/www/index.html +++ b/www/index.html @@ -21,6 +21,7 @@ <ul> <li><a href="overview.html">eVaf overview</a></li> + <li><a href="pswgen01.html">eVaf tutorial</a></li> <li><a href="/evaf.api">eVaf API documentation</a></li> </ul> diff --git a/www/pswgen01.html b/www/pswgen01.html new file mode 100644 index 0000000..4bc5917 --- /dev/null +++ b/www/pswgen01.html 
@@ -0,0 +1,98 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xml:lang="et"> + + <head> + <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" /> + <title>eVaf Tutorial - 01 - Introduction</title> + <meta name="Author" content="Enar Väikene" /> + <meta name="description" content="eVaf Tutorial" /> + <meta name="keywords" content="evaf c++ application development framework tutorial password generator" /> + <link rel="StyleSheet" href="evaf.css" type="text/css" media="all" /> + </head> + + <body> + + <h1>eVaf Tutorial</h1> + + <h2>01 - Introduction</h2> + + <p>On this page we write an application using the <a href="index.html">eVaf</a> application development framework. Knowledge of the + C++ programming language and <a href="http://qt.nokia.com">Qt application and UI framework</a> are required. The tutorial is written + for Linux, but with small modifications the same application can be written on Windows.</p> + + <h3>Specification</h3> + + <p>We try to be good programmers and start with a short specification for the application before writing any code.</p> + + <p>In 2011 the PlayStation Network was hacked and sensitive data including user names and passwords stolen. I as many other normal + people used the same password on PSN as well as on many other online services. Once one of them was compromised, all the passwords needed + to be changed.</p> + + <p>We are most secure when we use unique passwords for each and every web site and online service. So let us write an application that can + be used to generate unique passwords. We do it in such a way that whenever we need to re-enter a password, we can re-create it without + actually storing the password on our hard disks.</p> + + <p>For this we are going to write a password generator using cryptographic hash functions. 
By feeding the password generator with the + same input data, we end up with the same password. All we need to remember is the input data we entered when generating the password.</p> + + <p>For the input data, we can combine a name of the online service with a master password that only we know. We do not store the master + password, do not send it to any of the web pages nor can it be figured out from the generated password. Only things that we may want to + store are optional parameters for the password generator, like the length of the password.</p> + + <p>The application is simple and, for example, Firefox already has many add-ons that do exactly what we are going to write. To make it an + eVaf application, we are going to split it into modules and define interfaces to work with them. Every module does it's on job and can + be easily replaced if we wanted so:</p> + + <ul> + <li>Generator -- Module that generates passwords using a cryptographic hash function. We are going to use simple MD5 hash function + in this tutorial, but it can be replaced with better methods that are more collision resistant than MD5.</li> + <li>Storage -- Module that stores optional parameters for the password generator. As these parameters are actually not sensitive + information, we do not use any encryption here, but the module can be replaced with another one that uses encryption.</li> + <li>User Interface -- Module that implements the GUI for the application.</li> + </ul> + + <h4>Generator Module</h4> + + <p>The Generator module really needs to do only one job -- generate passwords in such a way that by feeding it with the same input data, + the same password gets generated. Input data for the password generator is:</p> + + <ul> + <li>Name -- Name of the application, online service or web page for which the password is generated. 
This could be, for example, + "facebook.com" or "google.com".</li> + <li>Master Password -- Password that only we know and is used for all the generated passwords.</li> + <li>Length -- Length of the generated password. We prefer passwords that are as long as possible, but some applications or web sites + may require passwords that are shorter.</li> + <li>Options -- Additional parameters for the password generator. We are not going to use these in this tutorial, but they could be + used to force the password generator to use a limited set of characters, like alpha-numeric only etc.</li> + </ul> + + <p>We also may want to know the maximum length of the generated password. The maximum length depends on + the cryptographic hash function used in the module and we need a function in the interface for this.</p> + + <h4>Storage Module</h4> + + <p>The Storage module stores non-sensitive data required to re-generate passwords:</p> + + <ul> + <li>Name -- The same name of the application, online service or web page that was used in the Generator module.</li> + <li>Length -- Length of the password.</li> + <li>Options -- Additional parameters for the password generator if they were used.</li> + </ul> + + <p>We need a function in the interface that can be used to store input data for the generator when a password is generated.</p> + + <p>We also need functions to query stored data identified by the Name value. The query function could work with partial matches so that + when we enter "fa" into the user interface, it offers "facebook.com" if this record is found.</p> + + <h4>User Interface Module</h4> + + <p>The User Interface module provides us with a window where we can enter necessary input data and generate passwords. 
Once the password is + generated, we want it to store non-sensitive input data and optionally copy the generated password to the clipboard.</p> + + <p>If the Storage module supports this, then the User Interface module could also offer existing names based on the initial input.</p> + + <p>In the next section <a href="pswgen02.html">02 - Preparations</a> we prepare the development environment.</p> + + </body> + +</html>
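Review bot: In the www/evaf.css hunk, the new `h3, h4` rule repeats the `margin-left: 20px;` that the `h2` rule directly above it already sets. A shared `h2, h3, h4 { margin-left: 20px; }` rule, with `font-size: 150%` left in the `h2` rule, would keep the heading indent in one place. The `p` rule in the same context uses em units for its margins, so it is worth deciding whether the heading indent should follow the same unit.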
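Review bot: In the new www/pswgen01.html, the Specification paragraph's claim that the master password cannot "be figured out from the generated password" is stronger than the Generator module described further down can support. That module uses "simple MD5" and names collision resistance as what a replacement would improve, but collisions are not the relevant property in this design. The password is derived from the service name plus the master password, and the name is guessable and stored unencrypted by the Storage module. If one generated password leaks in a breach like the one the text cites, master-password guesses can be checked offline at the speed of a single fast hash, and a recovered master password exposes every other generated password. I would reword the claim to say that recovery depends on the strength of the master password, and describe the intended replacement as a deliberately slow key derivation function (PBKDF2, bcrypt or scrypt) rather than a more collision-resistant hash. Two smaller points in the same hunk: the `<html>` element declares `lang="et"` and `xml:lang="et"` although the page text is English, and "Every module does it's on job" should read "does its own job".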