[Omaha.pm] One-liner regexp to check for password strength...

[Daniel Linder]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Guys,

I'm looking for a Perl one-liner regexp that will check a given password
string to see if it meets a 'strength' requiement.

The tests are:
1:  Length >= 6 characters
2a: Contains number(s) (0-9)
2b: Contains lowercase letter(s) (a-z)
2c: Contains uppercase letter(s) (A-Z)
2d: Contains symbol character(s) (!@#$%^&*()-=_+`~\|":;<>,.?/ ... etc)

A password is good if it meets rule #1 and three of the four in #2.

At first glance a check such as /[a-z]+[A-Z]+[0-9]+/ could be a start, but
it requires that the order of the lower case characters be before any
upper-case characters or numbers, plus it ignores the length requirement.

I've pretty much given up on a one-liner and this is the closest I can
come up with (ugly):

#!/usr/bin/perl

$PASSWD=shift;

$LEN = length($PASSWD);
printf ("LEN: $LEN\n");

$NumDigits = ($PASSWD =~ tr/[0-9]*//);
printf ("NumDigits: $NumDigits\n");

$NumUpperCase = ($PASSWD =~ tr/[A-Z]*//);
printf ("NumUpperCase: $NumUpperCase\n");

$NumLowerCase = ($PASSWD =~ tr/[a-z]*//);
printf ("NumLowerCase: $NumLowerCase\n");

$NumSpecial   = ($PASSWD =~
tr/[\!\@\#\$\%\^\&\*\(\)\_\+\-\=\{\}\[\]\\\|;\':\"\,\.\/\<\>\?\~\`]*//);
printf ("NumSpecial: $NumSpecial\n");

if ( ( $LEN >= 6 )
     and
     ( ($NumDigits?1:0) + ($NumUpperCase?1:0) + ($NumLowerCase?1:0) +
($NumSpecial?1:0) >= 3 )
   ) {
        printf ("Password \"%s\" passed.\n", $PASSWD);
}

Dan

- - - - -
"Wait for that wisest of all counselors, time." -- Pericles
"I do not fear computer, I fear the lack of them." -- Isaac Asimov
GPG fingerprint:9EE8 ABAE 10D3 0B55 C536  E17A 3620 4DCA A533 19BF

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCsP9yNiBNyqUzGb8RAgsPAJ4lIEf4iu8GVvgc/ad9mGGTQOXEkgCfc4jG
5V5mgha1r4/BjlOqR0c6K24=
=MUv8
-----END PGP SIGNATURE-----