How to install PassCard
1. Download IE7PRO from http://www.ie7pro.com/download.php; please accept the defaults for everything, particularly if you are asked about the download location.
2. Unzip the user script code. Copy and paste it into the userscripts folder. The default location for a 32-bit operating system (OS) is: C:\Program Files\IEPro\userscripts, whereas the default location for a 64-bit OS is: C:\Program Files (x86)\IEPro\userscripts.
3. Restart your IE browser. Then, go to: Tools/IE7Pro Preferences and a window will appear. Choose the User Scripts tab on the left-hand side of the window. After that, tick the Enable User Scripts check-box. Next, click on the Reload All Scripts button. You will now see the PassCard user script listed under the name PassCard, and you only need to tick its corresponding check-box. Then click OK, and you are good to go!
How to create a PassCard
1. Go to Control Panel and double-click on Windows CardSpace.
2. Create a personal card, i.e. a PassCard, by clicking on Add a card and then choosing a personal card. Please give the card a name, and, if you like, you can also upload a picture to appear on the card. Then, enter your username in the First Name field, and your password in the Last Name field. Optionally, you can also enter the URL of the login page of the visited site in the Web Page field (in order to eliminate phishing attacks).
3. Finally, click on the save button.
Notes
1. When operating in HTTPS mode, PassCard encrypts username-password values using AES in CBC mode with a 64-character key (the key is stored in the JavaScript file, which is part of the plug-in package, and can therefore be seen by anyone viewing the file). Please note that the encryption of the username and password is not necessary to prevent channel eavesdropping, because an SSL/TLS channel is already established between the browser and the target HTTPS site. However, the username and password are sent as part of the URL, so if they were sent in plaintext they would be vulnerable to shoulder-surfing attacks, since they would be shown in the browser address bar (and possibly also in the browser status bar). The implementation uses a symmetric encryption scheme for username/password encryption in order to minimise the overhead.
2. When operating in HTTPS mode, the HTTP server (HS) may be the PassCard default website, your own HS site, or a local HTTP-based web server running on your PC (setting up a web server is typically straightforward, e.g. by installing XAMPP on Windows).
3. This PassCard version has been successfully tested with more than 30 websites, including RHUL, YouTube, Facebook, Google, Yahoo, Amazon, ACM Portal, SpringerLink, IEEE Xplore, Wikipedia, MyOpenID, and Microsoft Research (websites most recently checked on 25/12/2010).
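The following added example (not PassCard's own code) illustrates Note 1: AES-CBC with a key shipped in the script keeps the values unreadable in the address bar, but anyone holding the script file can decrypt them. Assumptions: the 64-character key is hex (a 256-bit key), a random IV is prepended to each ciphertext, the parameter names u and p are hypothetical, and the key and the hs.example URL are constructed sample values.

```javascript
const nodeCrypto = require('crypto');

// Constructed stand-in for the key embedded in the plug-in's JavaScript file.
// Assumption: the 64 characters are hex digits, i.e. a 256-bit AES key.
const KEY_HEX = '00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff';

// Encrypt one field with AES-256-CBC under a fresh random IV.
// Returns hex(IV || ciphertext).
function encryptField(value, keyHex) {
  const iv = nodeCrypto.randomBytes(16);
  const key = Buffer.from(keyHex, 'hex');
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, ct]).toString('hex');
}

// Reverse of encryptField; needs nothing beyond the key shipped with the script.
function decryptField(tokenHex, keyHex) {
  const raw = Buffer.from(tokenHex, 'hex');
  const key = Buffer.from(keyHex, 'hex');
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, raw.subarray(0, 16));
  const pt = Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
  return pt.toString('utf8');
}

// Build the URL as it would appear in the address bar.
// The parameter names "u" and "p" are hypothetical.
function buildUrl(base, username, password, keyHex) {
  const url = new URL(base);
  url.searchParams.set('u', encryptField(username, keyHex));
  url.searchParams.set('p', encryptField(password, keyHex));
  return url.toString();
}

// What any holder of the plug-in file can recover from such a URL.
function readUrl(urlString, keyHex) {
  const q = new URL(urlString).searchParams;
  return {
    username: decryptField(q.get('u'), keyHex),
    password: decryptField(q.get('p'), keyHex),
  };
}

const shown = buildUrl('https://hs.example/PassCard.htm', 'alice', 'correct horse', KEY_HEX);
console.log(shown);                   // opaque hex instead of readable values
console.log(readUrl(shown, KEY_HEX)); // readable again using only the shipped key
```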
How to set your (http) home page to act as the TTP
1. Copy the full URL of your webpage and paste it in line 50 of the code file, in place of http://www.isg.rhul.ac.uk/~cjm/PassCard.htm, and that's it!