C code
: under 200 lines.
Document
Password Evaluation Function
----------------------------
int password_eval(password, password_size, effective_size, bufsize)
char *password; /* password string */
int password_size; /* size of password string */
int effective_size; /* effective length of password */
int bufsize; /* max buffer size of password string */
Function password_eval() evaluates the strong level of "password".
The size of password string must be given by "password_size".
Password string length must be under 32. Effective length of password
is given effective_size. Value of effective_size must be grater equal
7. 8-12 are good numbers for effective_size. "bufsize" means a size
of "password" string buffer.
password_eval() returns an evaluated value of password which is given
by 1st argument. Any negative return value means error. Positive
return value means password evaluated value. Programmer must decide
the threshold of acceptable value which was returned by
password_eval(). I recommend return value of password_eval() as more
than 12.
char buf[256];
strncpy(buf,"RKEaBh@$",9);
if ( password_eval(buf,8,10,256) > 12 ) {
/* OK */
}
else {
/* Weak password */
}
If system allows only alphanumeric characters for password, use
-DNOPUNCT flag for compiling.
% gcc -Os -DNOPUNCT -Wall -c peval.c
Background
----------
When users register their password with system, system must check
their password string which is suitable or not for password. Because
users tend to use "weak" password like as "administer", "JohnSmith" or
"flowers". Cracklib have been used by password tools for checking
password spell and entropy of password. Cracklib can check against
dictionary attack with dictionary file(s) which is most 400Kbyte or
more. It's OK for not only server computer system but also personal
use computer.
But the embedded system is hard to save 400Kbyte file on its small
storage. peval.c is a small size program. peval.o which is compiled
by gcc-3.0, is under 2000 byte.
COPYING
-------
password_eval()
Copyright (C) 2000 Hironobu SUZUKI
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License any later version.
This library is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU Lesser General Public License for more
details.
You should have received a copy of the GNU Lesser General
Public License along with this library; if not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330,
Boston, MA 02111-1307 USA
OR SEE THIS URL.
http://www.gnu.org/copyleft/lesser.html