Philip Gwyn
and 1 contributors

NAME

Data::Password::Check::JPassword - Check a password's strength

SYNOPSIS

    use Data::Password::Check::JPassword;

    # as part of some UI validation
    sub password_validation
    {
        my( $input ) = @_;
        my $password = $input->value;
        my $c = password_security( $password );
        return 1 if password_strong( $c );
        
        my $error = $input->error_widget;
        my $advice = password_advice( $c );
        $error->text( "Your password is week.  " . 
                         $i18n->get( "password-$advice" );
        $error->show;
        return 0;
    }

    # OO inteface:
    my $JQ = "Data::Password::Check::JPassword";
    my $C = $JQ->security( $password );
    if( $JQ->is_strong( $C ) {
        # ...
    }
    elsif( $JQ->is_medium( $C ) {
        # ...
    }
        

DESCRIPTION

This module implements the jPassword strength algorythim in pure Perl. The algorythim is pretty simple:

  • Leading and trailing spaces are stripped way;

  • Each character is placed in one of 5 categories: uppercase (A-Z), lowercase (a-z), numbers (0-9), punctuation (anything else in the ASCII table) and special (anything not in the ASCII table. Yes, this means all accents are considered special);

  • Each category starts at one and is incremented for each character in that category. The exception being punctuation, which counts double;

  • All the category counds are multiplied together;

  • The finale security score is the natural logarythm of result of the previous step.

In jPassword, a score under 5 is weak, over 10 is strong and between the two is medium.

FUNCTIONS

password_security

    my $C = password_security( $password );

Analyses the strength of a password and returns a hash ref describing the analysis. This hash ref contains the following keys:

uppercase

Number of uppercase letters (A-Z, U+0041-U+005A) plus one.

lowercase

Number of lowercase letters (a-z, U+0061-U+007A) plus one.

number

Number of digits (0-9, U+0030-U+0039) plus one.

punctuation

Double the number of characters in the range U+0000-U+007F that don't fall into the above categories plus one.

special

Number of other characters (U+0080 and up) plus one.

level

Rough estimate of the security level of the password. This is a natural log of the square of the multiplication of the previous 5 keys.

password

The password, after being trimmed.

password_strong

    if( password_string( $password ) ) {
    }

Returns true if the security of $password is ten (10) or greater. Returns false otherwise. You may also pass in the hashref returned by "password_security".

password_medium

    if( password_medium( $password ) ) {
    }

Returns true if the security of $password is five (5) or greater. Returns false otherwise. You may also pass in the hashref returned by "password_security".

password_weak

    if( password_weak( $password ) ) {
    }

Returns true if the security of $password is below 5. Returns false otherwise. You may also pass in the hashref returned by "password_security".

password_advice

    my $need = password_advice( $password );

Returns one category that needs to be impoved. This could then be used to give advice to the user on how to improve his password.

Simply, it looks for the first category that is not in the password.

METHODS

Data::Password::Check::JPassword also provides class methods with for an object-oriented interface.

security

    my $c = Data::Password::Check::JPassword->security( $password );

See "password_security".

is_strong

    if( Data::Password::Check::JPassword->is_strong( $password ) ) {
    }

See "password_strong".

is_medium

    if( Data::Password::Check::JPassword->is_medium( $password ) ) {
    }

See "password_medium".

is_weak

    if( Data::Password::Check::JPassword->is_weak( $password ) ) {
    }

See "password_weak".

advice

    my $category = Data::Password::Check::JPassword->advice( $password );

See "password_advice".

SEE ALSO

jPassword plugin, Data::Password::Simple, Data::Password::Entropy, Data::Password::BasicCheck

AUTHOR

Philip Gwyn, <fil@localdomain>

COPYRIGHT AND LICENSE

Copyright (C) 2013 by Philip Gwyn

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.