LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-26-2013, 09:05 AM   #1
linuxkid12
LQ Newbie
 
Registered: Apr 2013
Posts: 6

Rep: Reputation: Disabled
Writing a password checking script


If I had to write a script to check the suitability of passwords would the best way be to have a parameter for them to enter it. And then if statements to say if it doesn't have a number etc that its not strong? Any ideas?
 
Old 04-26-2013, 09:10 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,450

Rep: Reputation: 891Reputation: 891Reputation: 891Reputation: 891Reputation: 891Reputation: 891Reputation: 891
Sounds like a homework assignment to me....

What have you tried so far?
 
Old 04-26-2013, 10:07 AM   #3
Beryllos
Member
 
Registered: Apr 2013
Location: Massachusetts
Distribution: Debian
Posts: 354

Rep: Reputation: 152Reputation: 152
It shouldn't be very hard to scan for the presence of certain character types: numerical, upper/lower case, and symbols.

If you are serious about password strength, you should consider detecting passwords that can be looked up in a dictionary or a list of names (any first or last name, username, places, companies, etc.), or real words/names modified by substitution of similar looking characters (for example, l:1, Z:2, E:3, A:4, S:5, ...), or simple patterns like 123ABC or qwerty. Those are just a few examples of weak passwords. Sorry, I couldn't tell you an algorithm.

Try putting "password strength" into your favorite search engine. Here's a particularly juicy hit: http://stackoverflow.com/questions/7...-of-a-password
 
Old 04-26-2013, 10:36 AM   #4
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 982
Blog Entries: 2

Rep: Reputation: 244Reputation: 244Reputation: 244
A suitable place to put such checks is in a PAM module. At least a couple of these exist that you might want to look at - passwdqc and cracklib.
 
Old 04-26-2013, 10:40 AM   #5
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
First of all, you need to set some standard that what type of password is strong and what does it contain i.e. uppercase, lowercase, special characters, number of characters, how password begins with etc.

On the other hand, you just need to read about character classes and manual of grep command and then use them in your script.

Let's know if you are stuck somewhere.
 
Old 04-26-2013, 12:43 PM   #6
danielbmartin
Senior Member
 
Registered: Apr 2010
Location: Apex, NC, USA
Distribution: Mint 17.3
Posts: 1,574

Rep: Reputation: 478Reputation: 478Reputation: 478Reputation: 478Reputation: 478
Security experts discourage repeat characters because such passwords are insecure. A person whose "lucky number" is 7 might be tempted to establish a password such as 7777777777. The easily-remembered incrementing-sequence password 0123456789 is insecure, as is the decrementing sequence 9876543210. Also insecure: "flip-flop" passwords such as 6969696969.

Daniel B. Martin
 
Old 04-27-2013, 01:31 AM   #7
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 982
Blog Entries: 2

Rep: Reputation: 244Reputation: 244Reputation: 244
Quote:
Originally Posted by danielbmartin View Post
Security experts discourage repeat characters because
http://everything2.com/title/The+Psy...+of+Randomness
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
What's the best way to handle checking for a similar previous password? abefroman Linux - Security 15 10-27-2010 05:12 AM
[PHP] checking password strength -- cracklib recommended? zirias Programming 7 07-18-2010 06:52 AM
Password checking has room for improvement kenhtanaka Linux - Security 7 03-01-2008 12:02 PM
Need help with checking if opensuse 10.2 password is correct through php derekalan18 SUSE / openSUSE 2 02-03-2008 11:03 AM
Checking a password with PAM/Winbind? quill18 Programming 1 05-25-2005 03:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration