From: Enar Väikene <enar@vaikene.net>
Date: Thu, 21 Jul 2011 14:08:55 +0000 (+0300)
Subject: Work started on the tutorial.
X-Git-Url: https://vaikene.ee/gitweb/gitweb.cgi?p=evaf;a=commitdiff_plain;h=1d2a1e80abac012e9755cd23b264e3e099ccc3f5

Work started on the tutorial.
---

diff --git a/www/evaf.css b/www/evaf.css
index 88bf274..ad5f778 100644
--- a/www/evaf.css
+++ b/www/evaf.css
@@ -27,6 +27,9 @@ h2 {
     font-size: 150%;
     margin-left: 20px;
 }
+h3, h4 {
+    margin-left: 20px;
+}
 p {
     margin-left: 1.5em;
     margin-right: 0.5em;
diff --git a/www/index.html b/www/index.html
index d407dff..bb4b222 100644
--- a/www/index.html
+++ b/www/index.html
@@ -21,6 +21,7 @@
 
         <ul>
             <li><a href="overview.html">eVaf overview</a></li>
+            <li><a href="pswgen01.html">eVaf tutorial</a></li>
             <li><a href="/evaf.api">eVaf API documentation</a></li>
         </ul>
 
diff --git a/www/pswgen01.html b/www/pswgen01.html
new file mode 100644
index 0000000..4bc5917
--- /dev/null
+++ b/www/pswgen01.html
@@ -0,0 +1,98 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xml:lang="et">
+
+    <head>
+        <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
+        <title>eVaf Tutorial - 01 - Introduction</title>
+        <meta name="Author" content="Enar Väikene" />
+        <meta name="description" content="eVaf Tutorial" />
+        <meta name="keywords" content="evaf c++ application development framework tutorial password generator" />
+        <link rel="StyleSheet" href="evaf.css" type="text/css" media="all" />
+    </head>
+
+    <body>
+
+        <h1>eVaf Tutorial</h1>
+        
+        <h2>01 - Introduction</h2>
+
+        <p>On this page we write an application using the <a href="index.html">eVaf</a> application development framework. Knowledge of the
+        C++ programming language and <a href="http://qt.nokia.com">Qt application and UI framework</a> are required. The tutorial is written
+        for Linux, but with small modifications the same application can be written on Windows.</p>
+
+        <h3>Specification</h3>
+        
+        <p>We try to be good programmers and start with a short specification for the application before writing any code.</p>
+        
+        <p>In 2011 the PlayStation Network was hacked and sensitive data including user names and passwords stolen. I as many other normal
+        people used the same password on PSN as well as on many other online services. Once one of them was compromised, all the passwords needed
+        to be changed.</p>
+        
+        <p>We are most secure when we use unique passwords for each and every web site and online service. So let us write an application that can
+        be used to generate unique passwords. We do it in such a way that whenever we need to re-enter a password, we can re-create it without
+        actually storing the password on our hard disks.</p>
+        
+        <p>For this we are going to write a password generator using cryptographic hash functions. By feeding the password generator with the
+        same input data, we end up with the same password. All we need to remember is the input data we entered when generating the password.</p>
+        
+        <p>For the input data, we can combine a name of the online service with a master password that only we know. We do not store the master
+        password, do not send it to any of the web pages nor can it be figured out from the generated password. Only things that we may want to
+        store are optional parameters for the password generator, like the length of the password.</p>
+        
+        <p>The application is simple and, for example, Firefox already has many add-ons that do exactly what we are going to write. To make it an
+        eVaf application, we are going to split it into modules and define interfaces to work with them. Every module does it's on job and can
+        be easily replaced if we wanted so:</p>
+        
+        <ul>
+            <li>Generator -- Module that generates passwords using a cryptographic hash function. We are going to use simple MD5 hash function
+            in this tutorial, but it can be replaced with better methods that are more collision resistant than MD5.</li>
+            <li>Storage -- Module that stores optional parameters for the password generator. As these parameters are actually not sensitive
+            information, we do not use any encryption here, but the module can be replaced with another one that uses encryption.</li>
+            <li>User Interface -- Module that implements the GUI for the application.</li>
+        </ul>
+        
+        <h4>Generator Module</h4>
+        
+        <p>The Generator module really needs to do only one job -- generate passwords in such a way that by feeding it with the same input data,
+        the same password gets generated. Input data for the password generator is:</p>
+        
+        <ul>
+            <li>Name -- Name of the application, online service or web page for which the password is generated. This could be, for example,
+            "facebook.com" or "google.com".</li>
+            <li>Master Password -- Password that only we know and is used for all the generated passwords.</li>
+            <li>Length -- Length of the generated password. We prefer passwords that are as long as possible, but some applications or web sites
+            may require passwords that are shorter.</li>
+            <li>Options -- Additional parameters for the password generator. We are not going to use these in this tutorial, but they could be
+            used to force the password generator to use a limited set of characters, like alpha-numeric only etc.</li>
+        </ul>
+        
+        <p>We also may want to know the maximum length of the generated password. The maximum length depends on
+        the cryptographic hash function used in the module and we need a function in the interface for this.</p>
+        
+        <h4>Storage Module</h4>
+        
+        <p>The Storage module stores non-sensitive data required to re-generate passwords:</p>
+        
+        <ul>
+            <li>Name -- The same name of the application, online service or web page that was used in the Generator module.</li>
+            <li>Length -- Length of the password.</li>
+            <li>Options -- Additional parameters for the password generator if they were used.</li>
+        </ul>
+        
+        <p>We need a function in the interface that can be used to store input data for the generator when a password is generated.</p>
+        
+        <p>We also need functions to query stored data identified by the Name value. The query function could work with partial matches so that
+        when we enter "fa" into the user interface, it offers "facebook.com" if this record is found.</p>
+        
+        <h4>User Interface Module</h4>
+        
+        <p>The User Interface module provides us with a window where we can enter necessary input data and generate passwords. Once the password is
+        generated, we want it to store non-sensitive input data and optionally copy the generated password to the clipboard.</p>
+        
+        <p>If the Storage module supports this, then the User Interface module could also offer existing names based on the initial input.</p>
+        
+        <p>In the next section <a href="pswgen02.html">02 - Preparations</a> we prepare the development environment.</p>
+
+    </body>
+
+</html>