GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
OpenXPKI::Server::Workflow::Validator::PasswordQuality(3) User Contributed Perl Documentation OpenXPKI::Server::Workflow::Validator::PasswordQuality(3)

OpenXPKI::Server::Workflow::Validator::PasswordQuality 

    class: OpenXPKI::Server::Workflow::Validator::PasswordQuality
    arg:
     - $password
    param:
       checks:
        - length
        - dict
       minlen: 6

Check if the given password passes certain quality checks (see the "checks" parameter). The validator fails if it believes the password to be bad.

All configuration can be done using the validator config file.

$password
The password to be validated

Set the list of checks to be performed.

Available checks:

Default

  • "length" - Is it in the range of permitted lengths (default: 8 - 255)?
  • "common" - Is it not a known hacked password like "password" or similiar?
  • "diffchars" - Does it contain enough different characters?
  • "sequence" - Is it a sequence like 12345, abcde, or qwertz?
  • "dict" - Is it not a (reversed or leet speech obfuscated) dictionary word?
  • "entropy" - Is the password entropy above a certain level?

    The entropy score is calculated by first detecting how many different character groups are used (those groups are roughly based on blocks of Unicode's Basic Multilingual Plane).

    The entropy is higher:

  • the more characters the password contains,
  • the less adjacent characters the password contains (i.e. "fghijkl"),
  • the more character groups the password contains,
  • the more characters a group has in total.

Legacy checks

  • "letters" - Does it contain letters?
  • "digits" - Does it contain digits?
  • "specials" - Does it contain non-word characters?
  • "mixedcase" - Does it contain both small and capital letters?
  • "groups" - Does it contain a certain number (default: 2) of different character groups?
  • "partsequence" - Does it not contain usual sequence like 12345, abcde, or qwertz (default sequence length to be checked is 5)?
  • "partdict" - Does it not contain a dictionary word?

To maintain backwards compatibility some legacy checks are enabled automatically depending on the presence of certain configuration parameters (see comments below).

"length" check: set minimum password length (default: 8).

"length" check: set maxmimum password length (default: 255).

"dict" check: a comma separated list of files where the first existing one is used for dictionary checks (default: /usr/dict/web2, /usr/dict/words, /usr/share/dict/words, /usr/share/dict/linux.words).

"diffchars" check: set minimum required different characters to avoid passwords like "000000000000ciao0000000" (default: 6).

"entropy" check: minimum required entropy (default: 60).

Enable "groups" check and set the amount of required different groups (default: 2).

There are four groups: digits, small letters, capital letters, others. So "groups" may be set to a value between 1 and 4.

Enable "partsequence" check and set the length of the sequences that are searched for in the password (default: 5).

E.g. a setting of "following: 4" will complain about passwords containing "abcd" or "1234" or "qwer".

Enable "partdict" check and set the minimal length for dictionary words that are tested to occur in the password. (default: 4).
2022-05-14 perl v5.32.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.