Data::Password::BasicCheck - Basic password checking


  use Data::Password::BasicCheck;

  # Create a password checker object. We require that passwords
  # are at least 6 characters long, and no more than 8. We also
  # require that there are at least L/2 different symbols in the
  # password, where L is the password length. So, for a 6 caracter
  # long password, we require at least 3 different symbols, for
  # 8 characters long password we require at least 4 different
  # symbols, for 7 characters long password we again require
  # 4 symbols, since 7 *.5 = 3.5, which rounds to 4.

  my $pwcheck = Data::Password::BasicCheck->new(6, # minimal length
                                                8, # maximum length
                                                .5) ; # symbol factor

  my $ok = $pwcheck->OK ;
  my $check = $pwcheck->check('My!Pass1','bronto',
                              'Marco', 'Marongiu',
                              'Los Angeles','1971 03 17') ;

  unless ($check eq $ok) { die "Please choose a better password" }
  print "Greetings! Your password was good :-)\n\n" ;


This class is used to build basic password checkers. They don't match password against dictionaries, nor they do complex elaborations. They just check that minimal security conditions are verified.

If you need a more accurate check, e.g. against a dicitonary, you should consider using a different module, like Data::Password.


Data::Password::BasicCheck objects will do the following checks on the given passwords:

  • password length is in a defined range that is estabilished at object creation;

  • there are at least pL symbols in password, where L is password length and p is 0 < p =< 1. If not specified at object creation we assume p = 2/3 (that is: 0.66666...)

  • password contains alphabetic characters, digits and non-alphanumeric characters;

  • rotations of the password don't match it (e.g.: the password a1&a1& matches itself after three rotations)

  • after cleaning away digits and symbols, the password, its reverse and all possible rotations don't match any personal information given (name, surname, city, username)



creates a password checker object. Takes two mandatory arguments and an optional third argument. The are: minimal and maximal password length and a symbol factor, which defaults to 2/3 (0.6666....). A symbol factor is a number p such that 0 < p <= 1. Given p, a password of length L must contain at least round(p*L) characters. For example, a 6-character long password must contain at least 4 different symbols by default.


returns the minimal password length as defined upon object creation.


returns the maximal password length as defined upon object creation.


returns the symbol factor as defined upon object creation, or the default one otherwise.


Takes a password to check as first argument, and an arbitrary length list of personal data (e.g.: user's ID, name, surname, city, birthdate...) It first checks that the password in itself is good; if it isn't, checks to see if there exists at least a segment of minimal length that could be considered secure. It returns an integer value, starting from 0, whose meaning is:


password ok


password too short


password too long


password must contain alphabetic characters, digits and non-alphanumeric symbols;


not enough different symbols in password


password matches itself after some rotations


password matches personal information


password too weak: security checks have failed on the password and on all minimal length segments of it


If you establish that passwords should have a minimal length of 5 characters and a maximal length of 20, you should consider that your system's security depends on password having at least a 5 character long segment that can be considered secure. Since it was hard for me to understand it at first, I'll explain this by example to make it clear.

So, let's suppose that we want passwords from 5 to 15 characters long, with a psym factor of 2/3. The password 1pas; could be considered secure (it has numbers, symbols and alphabetic characters, and each character is unique). What about the password 1pas;aaaaaaaaaa? Well, it won't pass the test for repeated characters (it has 11 a's for an overall length of 15); but you surely noticed that it is exactly the previous password padded with a's to the maximum length. Since the first password was considered secure, we can't consider the second less secure than it, the same way we don't make our car less secure if, besides the normal locks, we add a steering wheel locker (in fact, it should be more secure).

Therefore, if the full length password can be considered secure, that's good. If it's not, but a minimal length segment is, that segment is good, and the rest of the password is added noise, which makes it more secure and not easier to guess.


  • Implement more advanced techniques with Quantum::Superpositions, as suggested by larsen <>


The book Essential System Administration, by Aeleen Frisch, printed by O'Reilly and Associates;

The PerlMonks web site,, where the ideas behind this module have been largely discussed.

Many people among the Italian Perl Mongers, which you can find on IRC on the channel on slashnet


Marco Marongiu, <>


Copyright 2003 by Marco Marongiu

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

7 POD Errors

The following errors were encountered while parsing the POD:

Around line 286:

Expected text after =item, not a number

Around line 290:

Expected text after =item, not a number

Around line 294:

Expected text after =item, not a number

Around line 299:

Expected text after =item, not a number

Around line 303:

Expected text after =item, not a number

Around line 307:

Expected text after =item, not a number

Around line 311:

Expected text after =item, not a number