passwordcheck

package module
v0.0.0-...-b2ea14b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2014 License: CC0-1.0 Imports: 5 Imported by: 0

README

passwordcheck

Build Status

Go package passwordcheck is a password and passphrase strength checker based on passwdqc.

Currently implemented via a CGO-binding to a passwdqc (modified to remove dependency on pwd.h). In the future I'd like to translate it to pure Go.

Installation

$ go get github.com/dchest/passwordcheck

Documentation

http://godoc.org/github.com/dchest/passwordcheck

Documentation

Overview

Package passwordcheck is a password and passphrase strength checker based on passwdqc (http://www.openwall.com/passwdqc/).

Currently implemented via a CGO-binding to a modified passwdqc.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrEmpty       = errors.New("empty password")
	ErrFailed      = newError(C.REASON_ERROR)       // check failed
	ErrSame        = newError(C.REASON_SAME)        // same as the old one
	ErrSimilar     = newError(C.REASON_SIMILAR)     // based on the old one
	ErrShort       = newError(C.REASON_SHORT)       // too short
	ErrLong        = newError(C.REASON_LONG)        // too long
	ErrSimpleShort = newError(C.REASON_SIMPLESHORT) // not enough different characters or classes for this length
	ErrSimple      = newError(C.REASON_SIMPLE)      // not enough different characters of classes
	ErrPersonal    = newError(C.REASON_PERSONAL)    // based on user name
	ErrWord        = newError(C.REASON_WORD)        // based on a directionary word and not a passphrase
	ErrSeq         = newError(C.REASON_SEQ)         // based on a common sequence of characters and not a passphrase
)
View Source 
var DefaultPolicy = &Policy{
	Min:             [5]int{Disabled, 24, 11, 8, 7},
	Max:             1024,
	PassphraseWords: 3,
	MatchLength:     4,
	DenySimilar:     true,
}

DefaultPolicy is the default password strength policy.

View Source 
var Disabled = C.INT_MAX

Disabled provides a value for Policy's Min to disable a password kind.

Functions

This section is empty.

Types

type Error 

type Error struct {
	// contains filtered or unexported fields
}

func (*Error) Error 

func (e *Error) Error() string

type Policy 

type Policy struct {
	// Min declares the minimum allowed password lengths for different
	// kinds of passwords and passphrases.
	//
	// Constant Disabled can be used to disallow passwords of a given kind
	// regardless of their length. Each subsequent number is required to be
	// no larger than the preceding one.
	//
	// Min[0] is used for passwords consisting of characters from one
	// character class only. The character classes are: digits, lower-case
	// letters, upper-case letters, and other characters. There is also a
	// special class for non-ASCII characters, which could not be
	// classified, but are assumed to be non-digits.
	//
	// Min[1] is used for passwords consisting of characters from two
	// character classes that do not meet the requirements for a
	// passphrase.
	//
	// Min[2] is used for passphrases. Note that besides meeting this
	// length requirement, a passphrase must also consist of a sufficient
	// number of words (see the PassphraseWords option below).
	//
	// Min[3] and Min[4] are used for passwords consisting of characters
	// from three and four character classes, respectively.
	Min [5]int

	// Max is the maximum allowed password length.
	//
	// This can be used to prevent users from setting passwords that may be
	// too long for some system services.
	Max int

	// PassphraseWords is the number of words required for a passphrase.
	// Set to 0 to disable the support for user-chosen passphrases.
	PassphraseWords int

	// MatchLength is the length of common substring required to conclude
	// that a password is at least partially based on information found in
	// a character string, or 0 to disable the substring search.
	//
	// Note that the password will not be rejected once a weak substring is
	// found; it will instead be subjected to the usual strength
	// requirements with the weak substring partially discounted.
	MatchLength int

	// DenySimilar indicates whether a new password is allowed to be
	// similar to the old one.
	//
	// The passwords are considered to be similar when there is a
	// sufficiently long common substring and the new password with the
	// substring partially discounted would be weak.
	DenySimilar bool
}

Policy describes a password strength policy.

func ParsePolicy 

func ParsePolicy(config string) (p *Policy, err error)

ParsePolicy parses a string describing password policy. The format is similar to passwdqc, but a bit relaxed: 

min=N0,N1,N2,N3,N4        default: min=disabled,24,11,8,7
max=N                     default: max=40
passphrase=N              default: passphrase=3
match=N                   default: match=4
similar=permit|deny       default: similar=deny

Configuration items can be separated by a new line or by space, for example: 

min=disabled,16,17,18,19 max=20 passphrase=21 match=22 similar=deny

The order of items is not important. There must be no spaces or excess commas between min values. Items not present in the string are filled from DefaultPolicy.

func (*Policy) Check 

func (p *Policy) Check(newPassword, oldPassword, username []byte) error

Check checks that the new password complies with the policy and returns nil if it does, and Error if not.

If old password or user name are not nil, the are also used for checking, for example, to make sure that the new password sufficiently differs from the old one.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.