[svlug] testing a password with bash.

James Sparenberg james at linuxrebel.org
Thu May 1 16:53:38 PDT 2008 

On Thursday 01 May 2008 08:01:00 am Paul Reiber wrote:
> use sed.
> -pbr
>
> On Thu, May 1, 2008 at 3:29 AM, James Sparenberg <james at linuxrebel.org> 
wrote:
> > All,
> >
> >    Bash question for all of you.   I'm putting together a script that
> > reaches out to all my systems based on user role, and can either add,
> > del, or update a users name/passwd.  Now comes the question.
> >
> >    I want to be able to verify quality of the password.  # of characters
> > is easy.  pipe it through wc -m and see if it's greater than the minimum.
> >  How though would you recommend I go about verifying things like
> >
> >  1.  Not based on Dictionary word.
> >  2.  Has Upper and lower case
> >  3.  Contains at least 1 number or special character.
> >
> >  Special rules of sort.  It has to work on FreeBSD, RH and Debian.  I run
> > a multi-Ethnic environment ;)   here and need to be sure that ever system
> > produces the same results.
> >
> >  Suggestions? (and switching to XYZ lang isn't really an option here.)
> >
> >  James


Ok.  Replying to several people at once. 

About 4am I got a one liner working by using one command from the 
cracklib2-runtime package.  

status=`echo $uPass | crack_testlib | awk -F\: '{ print $2 }'`


To test for length I'm running it through wc -m 

The crack_testlib utility was created to test the quality of your cracklib 
word list.  But hey,  works treat here. 

Yes some simplistic passwords do slip through, and yes I know about overly 
complicated passwords leading to crib notes under the keyboard.  But ....

The kind of password I use for myself.  *fj&U2k)rN

The "overly complicated" passwords I hand out  FjuTr9k1   I know that fjutr9k1 
would be one people would think would be easier to remember, but john the 
ripper gets it in under 30 seconds ... it at least takes a minute for the one 
with uppercase... *sigh* 

My solution to that.  I use pam.d and access control for ssh.  Limit my 
vulnerable points to a set I can monitor.  

To test for length I'm running it through wc -m 

James

More information about the svlug mailing list