[Thamesvalley-pm] password strength check

Greg Matthews gmatt at nerc.ac.uk
Fri Jun 20 06:31:38 PDT 2008


I need to do a password strength check. Is there a Perl shortcut 
(interface to cracklib maybe?) that I can use?

I have an old script here that does password strength checking and I'm 
pretty sure it comes from a Perl book but I can't find which one. The 
main meat of the script is a subroutine called goodenough(). The reason 
I think it's lifted from a book is this comment part way through the subroutine:

     # Check for naughty words.   :-)

     # (Add the traditional naughty words to the list sometime
     # when your mother isn't watching.  We didn't want to
     # print them in a family-oriented book like this one...)

If I end up recycling this code, I'd like to check for errata/discussion 
that may have been published. Does anyone recognise it from this short 
description? A full grep list of the comments is given below.

GREG

###############################################################
#                                                             #
# This subroutine is the whole reason for this program.  It   #
# checks for many different kinds of bad password.  We don't  #
# tell people what kind of pattern they MUST have, because    #
# that would reduce the search space unnecessarily.           #
#                                                             #
# goodenough() returns 1 if password passes muster, else 0.   #
#                                                             #
###############################################################
     # Embedded null can spoof crypt routine.
     # Same password they just had?
     # Too much like the old password?
     # Too short?  Get progressively nastier.
     # Is it in one of the dictionaries?
	# First check the BADPATS file.
	# Truncate common suffixes before searching dict.
	# We'll iterate over several dictionaries.
	    # Do the lookup (dictionary order, case folded)
     # Now check for two word-combinations.  This gets hairy.
     # We look up everything that starts with the same first
     # two letters as the password, and if the word matches the
     # head of the password, we save the rest of the password
     # in %others to be looked up later.  Passwords which have
     # a single char before or after a word are special-cased.
     # We take pains to disallow things like "CamelAte",
     # "CameLate" and "CamElate" but allow things like
     # "CamelatE" or "CameLAte".
     # If the password is exactly 8 characters, we also have
     # to disallow passwords that consist of a word plus the
     # BEGINNING of another word, such as "CamelFle", which
     # will warn you about "camel" and "flea".
     # Check for naughty words.   :-)
     # (Add the traditional naughty words to the list sometime
     # when your mother isn't watching.  We didn't want to
     # print them in a family-oriented book like this one...)
     # Does it look like a date?
     # Login id?
     # My own name?
     # My host name?
     # License plate number?
     # A function key?  (This pattern checks Sun-style fn keys.)
     # A sequence of closely related ASCII characters?
     # A sequence of keyboard keys?
     # Repeated patterns: ababab, abcabc, abcdabcd
     # Reversed patterns: abccba abcddcba
     # Some other login name?
     # A local host name?
     # Reversed login id?
     # Previously used?

-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford
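As an added example (not the script from the post, and not from the book it was lifted from), the following is a reduced goodenough() in core Perl that implements a subset of the checks named in the comment list above: embedded null, reuse of and similarity to the old password, length, dictionary lookup with suffix truncation, a much simplified two-word split, login id and reversed login id, dates, repeated and reversed patterns, ASCII runs and keyboard-row sequences. The word list, keyboard rows, suffix list and the "too much like the old password" threshold are assumptions standing in for the original's dictionaries and BADPATS file; the hostname, licence plate, function key and "previously used" checks are left out.

```perl
#!/usr/bin/perl
# Added example: a reduced goodenough() modelled on the comment list in the
# post.  Not the script from the post or from the book it came from.
use strict;
use warnings;

# Constructed stand-ins for the dictionaries and BADPATS file (assumptions).
my %DICT     = map { $_ => 1 } qw(camel flea password secret dragon welcome);
my @KEYROWS  = qw(qwertyuiop asdfghjkl zxcvbnm 1234567890);  # assumed US layout
my @SUFFIXES = qw(s es ed ing er 1 123);                      # stripped before lookup

# Returns '' if the password passes muster, otherwise the reason it failed.
sub goodenough {
    my ($new, %opt) = @_;
    my $old   = $opt{old}   || '';
    my $login = $opt{login} || '';

    # Embedded null can spoof crypt routine.
    return 'embedded null' if index($new, "\0") >= 0;

    # Same password they just had?  Too much like the old password?
    return 'same as old password'           if $old ne '' && $new eq $old;
    return 'too much like the old password' if $old ne '' && too_similar($new, $old);

    # Too short?
    return 'too short' if length($new) < 8;

    my $lc = lc $new;

    # Is it in one of the dictionaries?  Two word-combinations ("CamelFlea")?
    return 'dictionary word'      if in_dictionary($lc);
    return 'two dictionary words' if two_words($lc);

    # Login id?  Reversed login id?
    if ($login ne '') {
        my $l = lc $login;
        return 'login id' if $lc eq $l || $lc eq scalar(reverse $l);
    }

    # Does it look like a date?  (20062008, 20/06/2008, 2008-06-20 ...)
    return 'looks like a date' if $lc =~ /^\d{1,4}[-\/.]?\d{1,2}[-\/.]?\d{2,4}$/;

    # Repeated patterns (abcabcabc) and reversed patterns (abcddcba).
    return 'repeated pattern' if $lc =~ /^(.{1,4})\1+$/;
    return 'reversed pattern' if $lc eq scalar(reverse $lc);

    # A sequence of closely related ASCII characters (abcdefgh, 98765432)?
    return 'ascii sequence' if is_ascii_run($lc);

    # A sequence of keyboard keys (qwertyuiop, poiuytrewq)?
    for my $row (@KEYROWS) {
        my $rev = reverse $row;
        return 'keyboard sequence' if index($row, $lc) >= 0 || index($rev, $lc) >= 0;
    }
    return '';
}

# Assumed similarity rule: one is a prefix of the other, or same length with
# at most two positions changed ("Tr0ub4dor&2" -> "Tr0ub4dor&3").
sub too_similar {
    my ($x, $y) = @_;
    return 1 if index($x, $y) == 0 || index($y, $x) == 0;
    return 0 if length($x) != length($y);
    my $diff = grep { substr($x, $_, 1) ne substr($y, $_, 1) } 0 .. length($x) - 1;
    return $diff <= 2 ? 1 : 0;
}

# Truncate common suffixes before searching dict.
sub in_dictionary {
    my ($w) = @_;
    return 1 if $DICT{$w};
    for my $s (@SUFFIXES) {
        return 1 if $w =~ /^(.+)\Q$s\E$/ && $DICT{$1};
    }
    return 0;
}

# Word followed by word, allowing one stray character before or after the
# second word (the original's %others lookup, much reduced).
sub two_words {
    my ($w) = @_;
    for my $head (keys %DICT) {
        next unless index($w, $head) == 0;
        my $rest = substr($w, length($head));
        return 1 if $DICT{$rest};
        return 1 if length($rest) > 1
            && ($DICT{ substr($rest, 1) } || $DICT{ substr($rest, 0, -1) });
    }
    return 0;
}

# Every adjacent pair differs by +1 or -1 in ASCII, all in the same direction.
sub is_ascii_run {
    my ($s) = @_;
    my @c = unpack 'C*', $s;
    return 0 if @c < 3;
    my $step = $c[1] - $c[0];
    return 0 unless abs($step) == 1;
    for my $i (1 .. $#c - 1) {
        return 0 if $c[$i + 1] - $c[$i] != $step;
    }
    return 1;
}

# Constructed sample passwords; the old password and login are assumptions.
for my $pw (qw(abcabcabc qwertyuiop Tr0ub4dor&3 passwords camelflea 20/06/2008 W4ll1ngf0rd-iTSS)) {
    my $why = goodenough($pw, old => 'Tr0ub4dor&2', login => 'gmatt');
    printf "%-18s %s\n", $pw, $why || 'ok';
}
```

Run it as a script: each sample prints the first check it trips (repeated pattern, keyboard sequence, too much like the old password, dictionary word, two dictionary words, looks like a date) or "ok" for the last one. The checks are ordered cheapest first and the routine returns on the first failure, as the original's comments suggest it does. For the cracklib route the question asks about, CPAN's Crypt::Cracklib wraps the library's FascistCheck call; this example stays in core Perl so that each individual check is visible.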
