Password Analysis

Alan Dayley plug-discuss@lists.plug.phoenix.az.us
Fri, 20 Sep 2002 06:00:10 -0700


As you have seen many times on this list, Google is your friend.  A Google 
search of "linux password check program" gave a large list.  The first web 
page in the list (http://www.luv.asn.au/overheads/security/passwords.html) 
has references to password checking programs.  I quote:

<quote>
2. Checking passwords

Any good password program should check for trivial passwords, such as the 
user's name or words contained in /usr/dict/words.

There are a number of programs that can be used to check passwords. Some of 
the more useful programs are:

	pwck checks the validity of each entry in the /etc/passwd and
	/etc/shadow files

	npasswd and passwd+ which replace /bin/passwd with a program that
	rigorously checks new passwords that a user enters

	crack which is run against a password file (such as /etc/passwd)
	looking for easily broken passwords

The fact that tools such as crack are available should encourage you to 
migrate to shadow passwords if your Linux distribution does not already 
support them.
</quote>

I assume these programs are open source and can easily be spawned by a 
different app to get the return value, thereby checking inputted passwords.  
Give that a go.  Good luck and happy learning!

Alan

On Thursday 19 September 2002 08:20 am, Roderick Ford wrote:
> I noticed that there was a sort of password analysis running during some
> "change password" procedure, where it was telling the "goodness" of a
> password on a scale.  If I entered a good mix of capitals and numbers and
> lowercase, of course, the "goodness" was best.
>
> My question is whether there is some command-line program that does this
> analysis, or if there is a library, that the GUI (I think it was GTK or
> Gnome) was using.
>
> Thanks,
> Rod
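
Added example, not part of the original thread and not the code of pwck, npasswd, passwd+ or crack: a small command-line checker that rejects the trivial passwords the quoted page mentions (the user's name, dictionary words) and otherwise reports a "goodness" score from the mix of character classes, returning an exit status that a calling program can read. The word list is a constructed sample standing in for /usr/dict/words, and the 0-4 scale, minimum length and pass threshold are assumptions.

```python
import re
import sys

# Constructed sample standing in for /usr/dict/words (assumption).
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "phoenix"}

def load_words(path=None):
    """Load a word-list file if a path is given, else the constructed sample."""
    if path is None:
        return set(SAMPLE_WORDS)
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}

def check_password(password, username, words, min_length=8):
    """Return (score, reasons); score 0 means rejected as trivial, 1-4 is
    the number of character classes used (hypothetical "goodness" scale)."""
    reasons = []
    lowered = password.lower()
    # Strip leading/trailing non-letters so "Dragon1!" still matches "dragon".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    name = username.lower()
    if len(password) < min_length:
        reasons.append("too short")
    if name and (name in lowered or name[::-1] in lowered):
        reasons.append("based on user name")
    if lowered in words or core in words:
        reasons.append("dictionary word")
    if reasons:
        return 0, reasons
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for c in classes if re.search(c, password)), reasons

def main(argv):
    """Usage: prog USERNAME [WORDLIST]; the password is read from stdin so it
    never appears in the process list. Exit status 0 means acceptable."""
    if len(argv) < 2:
        print("usage: prog USERNAME [WORDLIST] < password", file=sys.stderr)
        return 2
    words = load_words(argv[2] if len(argv) > 2 else None)
    score, reasons = check_password(sys.stdin.readline().rstrip("\n"), argv[1], words)
    print(f"score {score}/4" + (": " + ", ".join(reasons) if reasons else ""))
    return 0 if score >= 3 else 1  # threshold of 3 is an assumption

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A calling program can spawn this with the user name as an argument, write the candidate password to its stdin, and branch on the exit status.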