Data::Password::BasicCheck - Basic password checking
use Data::Password::BasicCheck; # Create a password checker object. We require that passwords # are at least 6 characters long, and no more than 8. We also # require that there are at least L/2 different symbols in the # password, where L is the password length. So, for a 6 caracter # long password, we require at least 3 different symbols, for # 8 characters long password we require at least 4 different # symbols, for 7 characters long password we again require # 4 symbols, since 7 *.5 = 3.5, which rounds to 4. my $pwcheck = Data::Password::BasicCheck->new(6, # minimal length 8, # maximum length .5) ; # symbol factor my $ok = $pwcheck->OK ; my $check = $pwcheck->check('My!Pass1','bronto', 'Marco', 'Marongiu', 'Los Angeles','1971 03 17') ; unless ($check eq $ok) { die "Please choose a better password" } print "Greetings! Your password was good :-)\n\n" ;
This class is used to build basic password checkers. They don't match password against dictionaries, nor they do complex elaborations. They just check that minimal security conditions are verified.
If you need a more accurate check, e.g. against a dicitonary, you should consider using a different module, like Data::Password.
Data::Password::BasicCheck objects will do the following checks on the given passwords:
password length is in a defined range that is estabilished at object creation;
there are at least pL symbols in password, where L is password length and p is 0 < p =< 1. If not specified at object creation we assume p = 2/3 (that is: 0.66666...)
password contains alphabetic characters, digits and non-alphanumeric characters;
rotations of the password don't match it (e.g.: the password a1&a1& matches itself after three rotations)
after cleaning away digits and symbols, the password, its reverse and all possible rotations don't match any personal information given (name, surname, city, username)
creates a password checker object. Takes two mandatory arguments and an optional third argument. The are: minimal and maximal password length and a symbol factor, which defaults to 2/3 (0.6666....). A symbol factor is a number p such that 0 < p <= 1. Given p, a password of length L must contain at least round(p*L) characters. For example, a 6-character long password must contain at least 4 different symbols by default.
returns the minimal password length as defined upon object creation.
returns the maximal password length as defined upon object creation.
returns the symbol factor as defined upon object creation, or the default one otherwise.
Takes a password to check as first argument, and an arbitrary length list of personal data (e.g.: user's ID, name, surname, city, birthdate...) It first checks that the password in itself is good; if it isn't, checks to see if there exists at least a segment of minimal length that could be considered secure. It returns an integer value, starting from 0, whose meaning is:
password ok
password too short
password too long
password must contain alphabetic characters, digits and non-alphanumeric symbols;
not enough different symbols in password
password matches itself after some rotations
password matches personal information
password too weak: security checks have failed on the password and on all minimal length segments of it
If you establish that passwords should have a minimal length of 5 characters and a maximal length of 20, you should consider that your system's security depends on password having at least a 5 character long segment that can be considered secure. Since it was hard for me to understand it at first, I'll explain this by example to make it clear.
So, let's suppose that we want passwords from 5 to 15 characters long, with a psym factor of 2/3. The password 1pas; could be considered secure (it has numbers, symbols and alphabetic characters, and each character is unique). What about the password 1pas;aaaaaaaaaa? Well, it won't pass the test for repeated characters (it has 11 a's for an overall length of 15); but you surely noticed that it is exactly the previous password padded with a's to the maximum length. Since the first password was considered secure, we can't consider the second less secure than it, the same way we don't make our car less secure if, besides the normal locks, we add a steering wheel locker (in fact, it should be more secure).
1pas;
1pas;aaaaaaaaaa
Therefore, if the full length password can be considered secure, that's good. If it's not, but a minimal length segment is, that segment is good, and the rest of the password is added noise, which makes it more secure and not easier to guess.
Implement more advanced techniques with Quantum::Superpositions, as suggested by larsen <http://perlmonks.org/index.pl?node=larsen>
The book Essential System Administration, by Aeleen Frisch, printed by O'Reilly and Associates;
The PerlMonks web site, http://www.perlmonks.org/, where the ideas behind this module have been largely discussed.
Many people among the Italian Perl Mongers, which you can find on IRC on the channel #nordest.pm on slashnet
Marco Marongiu, <bronto@cpan.org>
Copyright 2003 by Marco Marongiu
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
7 POD Errors
The following errors were encountered while parsing the POD:
Expected text after =item, not a number
To install Data::Password::BasicCheck, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Data::Password::BasicCheck
CPAN shell
perl -MCPAN -e shell install Data::Password::BasicCheck
For more information on module installation, please visit the detailed CPAN module installation guide.