datatracker/ietf/templates/registration/change_password.html

{# bs5ok #}
{% extends "base.html" %}
{# Copyright The IETF Trust 2015, All Rights Reserved #}
{% load origin %}
{% load django_bootstrap5 %}
{% load static %}
{% block title %}Change password{% endblock %}
{% block js %}
    {{ block.super }}
    <script src="{% static 'ietf/js/zxcvbn.js' %}"></script>
    <script src="{% static 'ietf/js/password_strength.js' %}"></script>
{% endblock %}
{% block content %}
    {% origin %}
    {% if success %}
        <p class="alert alert-info my-3">
            Your password was successfully changed.
        </p>
        {% if not user.is_authenticated %}
            <a type="a"
               class="btn btn-primary"
               href="/accounts/login/"
               rel="nofollow">Sign in</a>
        {% endif %}
    {% else %}
        <h1>Change password</h1>
        <form method="post" class="my-3">
            {% csrf_token %}
            {% bootstrap_form form %}
            <button type="submit" class="btn btn-primary">Change password</button>
        </form>
        <div class="alert alert-info mt-5">
            <b>Online attack: </b>This password form uses the
            <a href="https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/">zxcvbn</a>
            password strength estimator to give an indication of password strength.
            The crack time estimate given above assume online attack without rate
            limiting, at a rate of 10 attempts per second.
            <hr>
            <b>Offline cracking: </b>
            The datatracker currently uses the <code>{{ hasher.algorithm }}</code>
            password hasher with
            {% if hasher.iterations %}
                {{ hasher.iterations }} iterations
            {% elif hasher.rounds %}
                {{ hasher.rounds }} rounds
            {% elif hasher.time_cost and hasher.memory_cost and hasher.parallelism %}
                <code>time cost {{ hasher.time_cost }}</code>, <code>memory cost {{ hasher.memory_cost }}</code>
                and <code>parallelism {{ hasher.parallelism }}</code>
            {% endif %}
            .
            Calculating offline attack time if password hashes should leak is left
            as an exercise for the reader.
            <span class="password_strength_offline_info visually-hidden">
                As a guideline, if we assume offline hashing using the current hasher
                at a speed of 10<sup>4</sup> attempts per second, this password would
                take <em class="password_strength_time"></em> to crack.
            </span>
        </div>
    </div>
{% endif %}
{% endblock %}