Check password strength


 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Check password strength
# 1  
Old 05-26-2010
Check password strength

For moderator: I made a new thread in a proper part of the forum now https://www.unix.com/homework-coursework-questions/137119-user-processes.html

But now i wan't to make something which isn't related to a homework, so i hope
you won't close this one. Thanks to those two answers, you helped me!

I would like to write a prog which can test the strength of password
It should check the length of password, it should be longer than 8 characters,
it must contain 2 numbers [0-9]
and some special signs like @,%,$
and of course typical alphabet from [A-z]

with which function can i limit the minimum pass length Smilie

---------- Post updated at 03:11 PM ---------- Previous update was at 11:04 AM ----------

hmm guess i have to work it out myself

---------- Post updated at 05:51 PM ---------- Previous update was at 03:11 PM ----------

Ok i have done everything by now, the only thing thats bugging me is how can i check how many
numbers a string contains, it should have at least two.

if [ $pass =~ [0-9]+ ]; then

but this gives me just one or more

I need an advice, please
# 2  
Old 05-26-2010
Quote:
Originally Posted by petel1
Ok i have done everything by now,
Is this script meant only for fun and just checking if the provided password matches the criteria or is it also passing the "strong" password to passwd command and a password change is done? If it's latter, please post your code, because I'm very curious Smilie

Quote:
Originally Posted by petel1
the only thing thats bugging me is how can i check how many
numbers a string contains, it should have at least two.
Code:
$ ./readpass.sh
Password: abcdef
EPIC FAIL! Password has not even one digit!
$ ./readpass.sh
Password: abcde3
FAIL! Need at least 2 digits!
$ ./readpass.sh
Password: 1abcde2
PASS! I could find at least 2 digits.
$

Code:
#!/bin/sh

#stty -echo

echo -n "Password: "
read pass

#stty echo

count=$(echo $pass | sed 's/[^0-9]//g')
echo $count | grep -o '[0-9]' >/dev/null

if [ $? != 0 ]; then
 echo "EPIC FAIL! Password has not even one digit!"
 exit
fi

count=$(printf $count | wc -c)

if [ $count -lt 2 ]; then

 echo "FAIL! Need at least 2 digits!"
 exit

 else

 echo "PASS! I could find at least 2 digits."
 exit

fi

Uncomment the two lines above, if you want the password *not* to be echoed (Recommended).
# 3  
Old 05-27-2010
Quote:
Originally Posted by petel1
Code:
if [ $pass =~ [0-9]+  ]; then

Code:
if [ $( echo $pass | grep -o '[0-9]' | wc -l ) -ge 2 ]

This User Gave Thanks to dr.house For This Post:
# 4  
Old 05-27-2010
Dr. house muchas gracias !!! Smilie

Can i ask you just about wc -l, i read that it counts new lines, how does it work in here and why doesn't the wc -m work?

If i type in password d$fg$1df3hd2f@$h it takes the $1 as an argument, how can i solve this problem?

Last edited by petel1; 05-27-2010 at 05:55 AM..
# 5  
Old 05-27-2010
Let's try an see ...

Code:
[house@leonov] echo "User0815" | grep -o '[0-9]'
0
8
1
5

4 hits = 4 lines Smilie

Quote:
Originally Posted by petel1
If i type in password d$fg$1df3hd2f@$h it takes the $1 as an argument, how can i solve this problem?
By "quoting the variable", I daresay, e.g.:

Code:
$( echo "$pass" | grep -o '[0-9]' | wc -l )


Last edited by dr.house; 05-27-2010 at 06:15 AM.. Reason: 2nd part added
# 6  
Old 05-27-2010
Aha so it orders them by the lines, thats a good trick

Do you have an idea how to solve the problem if i have a pass like this abc$1abc4@,
coz it takes the $1 as an argument and the same problem ocures with the $#,
something like if $ before [0-9] or #; then ...
# 7  
Old 05-27-2010
Ah, the beauty of Perl:
Code:
perl -nle 'exit 0 if( /.{8,}/ && ( s/\d//g ) >= 2 && ( s/[\$\._,%-]//g) >= 1 ); exit 1;'

This will return an exit code of 0 if, and only if, these requirements are met:
  • At least 8 characters (blue)
  • At least 2 of these are digits (green)
  • At least 1 special character from the group (not including the quotes) "$._,%-" (red)
Otherwise, the return code is 1.

Example usage (showing the return code):
Code:
> echo 'abcdefg' | perl -nle 'exit 0 if( /.{8,}/ && ( s/\d//g ) >= 2 && ( s/[\$\._,%-]//g) >= 1 ); exit 1;' ; echo $?
1
> echo 'abcdefgh' | perl -nle 'exit 0 if( /.{8,}/ && ( s/\d//g ) >= 2 && ( s/[\$\._,%-]//g) >= 1 ); exit 1;' ; echo $?
1
> echo '1abcdefgh2' | perl -nle 'exit 0 if( /.{8,}/ && ( s/\d//g ) >= 2 && ( s/[\$\._,%-]//g) >= 1 ); exit 1;' ; echo $?
1
> echo '1abcdefgh2$' | perl -nle 'exit 0 if( /.{8,}/ && ( s/\d//g ) >= 2 && ( s/[\$\._,%-]//g) >= 1 ); exit 1;' ; echo $?
0

 
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Cybersecurity

Openssl cipher strength

I have read the forums for strengthing the openssl ciphers on a server and the following command I can run: openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4!MEDIUM:!aNULL:!eNULL:!3DES:!EXPORT:@STRENGTH' I have some services that cannot be set to higher levels like you can set in an httpd.conf file.... (1 Reply)
Discussion started by: hydrashok158
1 Replies

2. AIX

How to find TX and RX strength?

I have an AIX server running 6.1. My SAN switch is reporting that it is only receiving 5.9 uWatts (micro watts) and it should be well over 100 uWatts. How can I see the transmit strength of my fiber card from within AIX? I have Emulex fiber cards. (1 Reply)
Discussion started by: kah00na
1 Replies

3. Solaris

Check when password expires

How do I check to see when a password expires on a user account with using the CLI? (1 Reply)
Discussion started by: jastanle84
1 Replies

4. Cybersecurity

Periodic check of user password strength

I need to periodically run a check on the passwords of the users (Redhat 5.0) to verify that all passwords meet minimal standards. I remember seeing a script years ago that grabbed the encrypted passwords from the file and checked if they matched any of the encrypted strings in another file, plus... (1 Reply)
Discussion started by: tlynnch
1 Replies

5. Shell Programming and Scripting

How can I check that a password is correct?

Hi there, There's something I don't understand. The same string does not give the same md5 hash everytime. I wanted to find a way to check someone's password but the following script obviously shows that it's not possible that way : ks354286:~# user=foo ks354286:~# pw=$(mkpasswd -H md5... (3 Replies)
Discussion started by: chebarbudo
3 Replies

6. Shell Programming and Scripting

Check password age

Hi Guys, I hope one of you has already done this and is kind enough to share your script with me. I have a Solaris8 server that uses password aging for its local user accounts. I need a script that checks the age of the password and then sends the user an email if the password is about to... (3 Replies)
Discussion started by: Tornado
3 Replies

7. UNIX for Dummies Questions & Answers

password check

Hi While using Pipe concept ,if a user enters a "login name" and "paswword" ,then how does a child process check for user password is correct or not and give notification to parent process. (1 Reply)
Discussion started by: riya
1 Replies

8. UNIX for Dummies Questions & Answers

Password safe encryption strength

I'm not sure if this is the right forum for this or not but we use a program called "Password Safe" to store the many root passwords we have for our Unix system. Now we are being called out by our security team to prove that this is a safe program to use. So far I have been able to determine... (1 Reply)
Discussion started by: keelba
1 Replies

9. Programming

check root password

hai Friends How can i check the root password of a linux system using a c program or with some shell script... I have seen many tools like webmin that authenticates the user using the root password... How do they do that... Pls help... Thanks in advance Collins (1 Reply)
Discussion started by: collins
1 Replies
Login or Register to Ask a Question