Password validator script wanted.

Re: Password validator script wanted.

Hi Al!
On Sun, 21 Sep 2003 20:07:00 GMT, "Adams-Blake Co."
<atakeoutcanton @adams.takeme.o ut.-blake.com> wrote:
[color=blue]
>I want to allow the user to enter her own username and password.
>
>I want to validate the password the way lots of programs do.... that it has
>to be:
>
>- 6 or more characters.
>
>- must be at least one upper and one lower case letter in the password.
>
>- must be at least one number in the password.
>
>Does anyone know where I can find a script to do this validation or something
>similar. I'm just too lazy, busy, to write one and there is no use to
>re-invent the wheel as I'm sure someone out there has such a beast.
>[/color]

Just if you have access to your server: Use the crack extension, which
checks the password against a dictionary.

HTH, Jochen
--
Jochen Daum - CANS Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.

Re: Password validator script wanted.

Jochen Daum wrote:
[color=blue]
> Hi Al!
> On Sun, 21 Sep 2003 20:07:00 GMT, "Adams-Blake Co."
> <atakeoutcanton @adams.takeme.o ut.-blake.com> wrote:
>[color=green]
>>I want to allow the user to enter her own username and password.
>>
>>I want to validate the password the way lots of programs do.... that it has
>>to be:
>>
>>- 6 or more characters.
>>
>>- must be at least one upper and one lower case letter in the password.
>>
>>- must be at least one number in the password.
>>
>>Does anyone know where I can find a script to do this validation or
>>something similar. I'm just too lazy, busy, to write one and there is no use
>>to re-invent the wheel as I'm sure someone out there has such a beast.
>>[/color]
>
> Just if you have access to your server: Use the crack extension, which
> checks the password against a dictionary.
>
> HTH, Jochen[/color]


I don't want to CRACK anything, I just want to make sure the user has a
"secure" password as possible. Is there a better way to generate a secure
password besides a 50 character string of gibberish?

Al

Re: Password validator script wanted.

Hi AI!
[color=blue][color=green][color=darkred]
>>>I want to allow the user to enter her own username and password.
>>>
>>>I want to validate the password the way lots of programs do.... that it has
>>>to be:
>>>
>>>- 6 or more characters.
>>>
>>>- must be at least one upper and one lower case letter in the password.
>>>
>>>- must be at least one number in the password.
>>>
>>>Does anyone know where I can find a script to do this validation or
>>>something similar. I'm just too lazy, busy, to write one and there is no use
>>>to re-invent the wheel as I'm sure someone out there has such a beast.
>>>[/color]
>>
>> Just if you have access to your server: Use the crack extension, which
>> checks the password against a dictionary.
>>
>> HTH, Jochen[/color]
>
>
>I don't want to CRACK anything, I just want to make sure the user has a
>"secure" password as possible. Is there a better way to generate a secure
>password besides a 50 character string of gibberish?[/color]

The crack extension doesn't crack anything. What it does is checking
the password against a dictionary. This is good, because hackers will
have the same dictionary at hand to crack your password. HAve a look
at the extension, its very good!

It seems to be weak on passwords longer than 12 characters though,
thats maybe due to some maths inside.

Jochen
[color=blue]
>
>Al
>[/color]

--
Jochen Daum - CANS Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.

Re: Password validator script wanted.

"Adams-Blake Co." <atakeoutcanton @adams.takeme.o ut.-blake.com> writes:[color=blue][color=green][color=darkred]
> >>- 6 or more characters.
> >>
> >>- must be at least one upper and one lower case letter in the password.
> >>
> >>- must be at least one number in the password.[/color][/color]
>
> I don't want to CRACK anything, I just want to make sure the user has a
> "secure" password as possible. Is there a better way to generate a secure
> password besides a 50 character string of gibberish?[/color]

A 60 character string of gibberish?

More seriously

if (strlen($pwd) >= 6 && ereg("[A-Z]",$pwd) && ereg("[a-z]",$pwd)
&& ereg("[0-9]",$pwd)) {
// okay (but do the dictionary check with 'crack' too, if you can)
} else {
// reject
}

--
Chris

Re: Password validator script wanted.

Chris Morris wrote:
[color=blue]
> "Adams-Blake Co." <atakeoutcanton @adams.takeme.o ut.-blake.com> writes:[color=green][color=darkred]
>> >>- 6 or more characters.
>> >>
>> >>- must be at least one upper and one lower case letter in the password.
>> >>
>> >>- must be at least one number in the password.[/color]
>>
>> I don't want to CRACK anything, I just want to make sure the user has a
>> "secure" password as possible. Is there a better way to generate a secure
>> password besides a 50 character string of gibberish?[/color]
>
> A 60 character string of gibberish?
>
> More seriously
>
> if (strlen($pwd) >= 6 && ereg("[A-Z]",$pwd) && ereg("[a-z]",$pwd)
> && ereg("[0-9]",$pwd)) {
> // okay (but do the dictionary check with 'crack' too, if you can)
> } else {
> // reject
> }
>[/color]

Hey, thanks. I was expecting two pages of code with a ton of "if" loops and
substring compares. I really have to learn the "erge" command. I've never
understood it but it sure comes in handy.

As for "crack" to the best of my knowledge my ISP does not provide it as I
did a phpinfo() and did not see anything about it being loaded. I'll try a
piece of code and see what happens when I get a chance.

Thanks again for the ereg!

Al

Re: Password validator script wanted.

I noticed that Message-ID: <87d6dtxb6l.fsf @dinopsis.dur.a c.uk> from Chris
Morris contained the following:
[color=blue]
>if (strlen($pwd) >= 6 && ereg("[A-Z]",$pwd) && ereg("[a-z]",$pwd)
> && ereg("[0-9]",$pwd)) {
> // okay (but do the dictionary check with 'crack' too, if you can)[/color]

Correct me if I'm wrong, but I don't know too many dictionary words with
numbers in them. Would crack have common substitutions as well (e.g
BA1100N).

--
Geoff Berrow
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: Password validator script wanted.

Hi Geoff!
On Mon, 22 Sep 2003 20:53:19 +0100, Geoff Berrow
<bl@ckdog.co.uk .the.cat> wrote:
[color=blue]
>I noticed that Message-ID: <87d6dtxb6l.fsf @dinopsis.dur.a c.uk> from Chris
>Morris contained the following:
>[color=green]
>>if (strlen($pwd) >= 6 && ereg("[A-Z]",$pwd) && ereg("[a-z]",$pwd)
>> && ereg("[0-9]",$pwd)) {
>> // okay (but do the dictionary check with 'crack' too, if you can)[/color]
>
>Correct me if I'm wrong, but I don't know too many dictionary words with
>numbers in them. Would crack have common substitutions as well (e.g
>BA1100N).[/color]

It does stuff like that, but I don't know what and to which extend.

Jochen

--
Jochen Daum - CANS Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.