nmctp

No more clear text passwords

Stop the nonsense

No Key Installation

There are two steps to follow in order to install no_key for securing your web application:

a) building the server
b) installing the new safe ‘login’ in your webapp

a) Building no_key_server

Download the latest tgz version of no_key from Github:
http://sourceforge.net/projects/nmctp/files/nokey
Decompress the downloaded tarball:
```
$ tar xzvf nokey-<VERSION>.tgz
```
Get into the newly created directory:
```
$ cd nokey-<VERSION>
```
If you do not have write permission in /etc you need to change the NO_KEY_CONF_FILE constant in the no_key.h file:
```
#define NO_KEY_CONF_FILE "/etc/no_key.mod"
```
to a directory with write permission like:
```
#define NO_KEY_CONF_FILE /my/new/path/to/store/no_key.mod
```
it needs not be a read-only file or any secure path
By default, the value of NO_KEY_SIZE constant (in no_key.h) is 1024. You can change this value to 256, 512 and 2048. This will be run-time configurable in future versions.
Build no_key:
```
$ make
```
If the make succeeds, two executable no_key_server and no_key_client will have been built.

To test no_key_server run:

$ make test
./no_key_client 'Teh password!'
K: : [546568207061737377726F6421]
p: : [EF4FBB72BD78ADC40481DC3D879253989433046B463B40ACF558580254E413A59420
5A12A704CFC6D91B2362B203A9510C130F384457617191C1DD0A1A8B107D8247E37B70CE9E
1FE0154C5A9B6655985C8DC76CECB1B5AEC8DABD49F77FBE24D1E7BBB5383FF17A8F813826
8332A78F813F43743BC49F5EFE3C0B9A1E48EEDF]
u1: : [CC10D1DD3DB7850CCFEEEBB1DA256CD0FF0E234C3BE17D0B034187E50BEF39CD05D
91A8F6C869D3BCDD58CE3715CB40394EFE7A30D089C52FE330C068D6F3F7C116D44E052428
435F9721E98990F42026409355301518DA7FDBF4F6B0960E7ABC5484196F2E5EC48E511706
B05C95499A8FEA5044183820CC3B14520CD83D033]
q1: : [1D259D69AE894E6019E0A6B4720CB54CA4543D8593D7C23B0CEC0C13D5C47081212
1F54AA01D7DE0EBDBDD415F50C355BB822D133E6AAEAD90C0C9EC3937771F2BC2EB9AB7EB4
7CC846DF018B33456F696DB73D18BED90674F2AF9AEA4005FCE885B2492503ECABE86D8E87
930D17D8667545D2EE97E7D060D2CD26ABF065516]
q2: : [A741DC21757324578BF00E27A59217683CE0BBE2F6F0037D16BC66BAA22619600C7
5ABEE2B3BB73AE6F5645F7DFFAC91194298A258C34AB94B4BAE4BEC64DBC16A032A8F416BA
2066A0CC22D205F881D4F48848C050B068D6679F5A140C10A826CCCDD0BD91BBF8133B78C1
0C187C40D4160D9D5DA07BD1EE3D182005B9FD0A2]
q3: : [8A268EA5389BAFE40039ACBCDC6360C405E99F58C36F02A609B1799EB873CE8FB13
1408BC6DC4AC0C5455F01AE5FFECA489E2631043F50C2DB43E183C65EC69772B46BDB087D8
4D6EAA6B9BE9FA609CBE0AEEAEB6C71C4150DC17EC11996BD02528C53A9C350F0DDB2C25EF
E2F212BDCD017B94DA39DC861324DA0D994A99C31]
Key: [Teh password!]

Try ./no_key_client your_password

b) Installing the new safe ‘login’ in your webapp

The web directory contains a safe login example:

nokey-config.php: In this file you need to define the value of NO_KEY_SERVER which is the no_key_server path. Usually it will be ../cgi-bin/no_key_server.
nokey.php: This file contains the server side of No Key Shamir’s protocol. In this file the function user_authentication($user, $password) is called. This function is implemented in the file your_app.php.
To add the safe login to your app you will have to replace this function with yours. The authentication function return true if the password is valid and false otherwise.
your_app.php: This file pretends the application user authentication. The demo user and password are admin and passw0rd.
login.php: This file has a login form (The demo user and password are admin and passw0rd). If the user and password are valid, then a session will be created and it will be redirected to index.php.
logout.php: In this file the session is destroyed and the browser is redirected to login.php.

About nmctp

nmctp.com is a project to stop the nonsense regarding passwords used in the login protocols of most Web 2.0 projects.

Documentation

No-Key: Installation; man page; Demo
Poorman's PKCS: man page