vaikene.ee Git - evaf/blob - www/pswgen01.html
Warning fixes and copyright update.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xml:lang="et">

<head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
<title>eVaf Tutorial - 01 - Introduction</title>
<meta name="Author" content="Enar Väikene" />
<meta name="description" content="eVaf Tutorial" />
<meta name="keywords" content="evaf c++ application development framework tutorial password generator" />
<link rel="StyleSheet" href="evaf.css" type="text/css" media="all" />
</head>

<body>

<p>Next: <a href="pswgen02.html">02 - Preparations</a></p>

<h1>eVaf Tutorial</h1>

<h2>01 - Introduction</h2>

<p>On this page we write an application using the <a href="index.html">eVaf</a> application development framework. Knowledge of the
C++ programming language and the <a href="http://qt.nokia.com">Qt application and UI framework</a> is required. The tutorial is written
for Linux, but with small modifications the same application can be written on Windows.</p>

<h3>Specification</h3>

<p>We try to be good programmers and start with a short specification for the application before writing any code.</p>

<p>In 2011 the PlayStation Network was hacked and sensitive data, including user names and passwords, was stolen. I, like many other normal
people, used the same password on PSN as well as on many other online services. Once one of them was compromised, all the passwords needed
to be changed.</p>

<p>We are most secure when we use unique passwords for each and every web site and online service. So let us write an application that can
be used to generate unique passwords. We do it in such a way that whenever we need to re-enter a password, we can re-create it without
actually storing the password on our hard disks.</p>

<p>For this we are going to write a password generator using cryptographic hash functions. By feeding the password generator with the
same input data, we end up with the same password. All we need to remember is the input data we entered when generating the password.</p>

<p>For the input data, we can combine the name of the online service with a master password that only we know. We do not store the master
password, we do not send it to any of the web pages, nor can it be figured out from the generated password. The only things that we may want to
store are optional parameters for the password generator, like the length of the password.</p>

<p>The application is simple and, for example, Firefox already has many add-ons that do exactly what we are going to write. To make it an
eVaf application, we are going to split it into modules and define interfaces to work with them. Every module does its own job and can
be easily replaced if we want:</p>

<ul>
<li>Generator -- Module that generates passwords using a cryptographic hash function. We are going to use the simple MD5 hash function
in this tutorial, but it can be replaced with better methods that are more collision resistant than MD5.</li>
<li>Storage -- Module that stores optional parameters for the password generator. As these parameters are actually not sensitive
information, we do not use any encryption here, but the module can be replaced with another one that uses encryption.</li>
<li>User Interface -- Module that implements the GUI for the application.</li>
</ul>

<h4>Generator Module</h4>

<p>The Generator module really needs to do only one job -- generate passwords in such a way that by feeding it with the same input data,
the same password gets generated. Input data for the password generator is:</p>

<ul>
<li>Name -- Name of the application, online service or web page for which the password is generated. This could be, for example,
"facebook.com" or "google.com".</li>
<li>Master Password -- Password that only we know and is used for all the generated passwords.</li>
<li>Length -- Length of the generated password. We prefer passwords that are as long as possible, but some applications or web sites
may require passwords that are shorter.</li>
<li>Options -- Additional parameters for the password generator. We are not going to use these in this tutorial, but they could be
used to force the password generator to use a limited set of characters, like alpha-numeric only etc.</li>
</ul>

<p>We may also want to know the maximum length of the generated password. The maximum length depends on
the cryptographic hash function used in the module and we need a function in the interface for this.</p>
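
<p>The following sketch of the Generator module's job is an added example, not code from the eVaf tutorial or project. It shows
deterministic generation, the digest-dependent maximum length, and a stretched alternative beside single-pass MD5. The function names, the
Base64 output encoding, the length-prefixed input encoding and the PBKDF2 variant with its round count are all assumptions.</p>

```python
import base64
import hashlib
import struct

# All names below are hypothetical; they are not the eVaf Generator interface.
DIGEST_BYTES = {"md5": 16, "pbkdf2-sha256": 32}
PBKDF2_ROUNDS = 200_000  # assumed work factor, tune it for your hardware


def _encode_input(name: str, master: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently."""
    parts = [name.encode("utf-8"), master.encode("utf-8")]
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def _digest(name: str, master: str, algorithm: str) -> bytes:
    if algorithm == "md5":
        # Single fast hash, the choice made for the tutorial.
        return hashlib.md5(_encode_input(name, master)).digest()
    # Stretched variant: the service name acts as the salt.
    return hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                               name.encode("utf-8"), PBKDF2_ROUNDS)


def max_length(algorithm: str) -> int:
    """Longest password the digest yields as Base64 without padding."""
    if algorithm not in DIGEST_BYTES:
        raise ValueError(f"unknown algorithm: {algorithm}")
    return (DIGEST_BYTES[algorithm] * 8 + 5) // 6  # ceil(bits / 6)


def generate(name: str, master: str, length: int, algorithm: str = "md5") -> str:
    """Same (name, master, length, algorithm) always gives the same password."""
    if not name or not master:
        raise ValueError("name and master password must not be empty")
    limit = max_length(algorithm)
    if not 1 <= length <= limit:
        raise ValueError(f"length must be 1..{limit} for {algorithm}")
    text = base64.b64encode(_digest(name, master, algorithm)).decode("ascii")
    return text.rstrip("=")[:length]
```

<p>A fast hash such as MD5 lets anyone who obtains one generated password test master-password guesses offline at high speed, which is why
the stretched variant is shown beside it.</p>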

<h4>Storage Module</h4>

<p>The Storage module stores non-sensitive data required to re-generate passwords:</p>

<ul>
<li>Name -- The same name of the application, online service or web page that was used in the Generator module.</li>
<li>Length -- Length of the password.</li>
<li>Options -- Additional parameters for the password generator if they were used.</li>
</ul>

<p>We need a function in the interface that can be used to store input data for the generator when a password is generated.</p>

<p>We also need functions to query stored data identified by the Name value. The query function could work with partial matches so that
when we enter "fa" into the user interface, it offers "facebook.com" if this record is found.</p>

<h4>User Interface Module</h4>

<p>The User Interface module provides us with a window where we can enter the necessary input data and generate passwords. Once the password is
generated, we want it to store non-sensitive input data and optionally copy the generated password to the clipboard.</p>

<p>If the Storage module supports this, then the User Interface module could also offer existing names based on the initial input.</p>

<p>In the next section <a href="pswgen02.html">02 - Preparations</a> we prepare the development environment.</p>

</body>

</html>