SPUG:help with good passwords

Brian Hatch spug at ifokr.org
Tue May 13 19:42:07 CDT 2003

> My challenge is that passwd keep strict rules about
> what kind of passwords are good (not based on a
> dictionary word, at least n characters), and will
> error if the password is bad.

It's probably using cracklib.

Here's what I wrote years ago (still works)

  # try cracklib
  use FileHandle;
  use IPC::Open2;
  open2(*RD, *WR, "/usr/sbin/crack_testlib") or bail "crack_testlib
  print WR "$NEWPW\n" or bail "Couldn't write";
  close WR;
  while (<RD>) {
          ($pw,$reason) = split /: /;
          # Strip trailing space
          $reason =~ s/\s*$//g;
          if ($pw eq $NEWPW) {
                  last if ($reason eq 'ok')
  close RD;

  if ( $reason ne "ok" ) {
        <h2>Password Strength Error</h2>
        Sorry, the password you supplied is not strong enough.
        The automated password checking routine said the following:
        Please go back and try again with a stronger password.

Brian Hatch                  "All we need to do is stop
   Systems and                idiot-proofing the world.
   Security Engineer          Pretty soon, we'll run out
http://www.ifokr.org/bri/     of idiots."
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.pm.org/pipermail/spug-list/attachments/20030513/2f8df97c/attachment.bin

More information about the spug-list mailing list