NAME
Data::Password::Check::JPassword - Check a password's strength
SYNOPSIS
use Data::Password::Check::JPassword;
# as part of some UI validation
sub password_validation
{
my( $input ) = @_;
my $password = $input->value;
my $c = password_security( $password );
return 1 if password_strong( $c );
my $error = $input->error_widget;
my $advice = password_advice( $c );
$error->text( "Your password is week. " .
$i18n->get( "password-$advice" );
$error->show;
return 0;
}
# OO inteface:
my $JQ = "Data::Password::Check::JPassword";
my $C = $JQ->security( $password );
if( $JQ->is_strong( $C ) {
# ...
}
elsif( $JQ->is_medium( $C ) {
# ...
}
DESCRIPTION
This module implements the jPassword strength algorythim in pure Perl. The algorythim is pretty simple:
Leading and trailing spaces are stripped way;
Each character is placed in one of 5 categories: uppercase (A-Z), lowercase (a-z), numbers (0-9), punctuation (anything else in the ASCII table) and special (anything not in the ASCII table. Yes, this means all accents are considered special);
Each category starts at one and is incremented for each character in that category. The exception being punctuation, which counts double;
All the category counds are multiplied together;
The finale security score is the natural logarythm of result of the previous step.
In jPassword, a score under 5 is weak, over 10 is strong and between the two is medium.
FUNCTIONS
password_security
my $C = password_security( $password );Analyses the strength of a password and returns a hash ref describing the analysis. This hash ref contains the following keys:
- uppercase
-
Number of uppercase letters (A-Z, U+0041-U+005A) plus one.
- lowercase
-
Number of lowercase letters (a-z, U+0061-U+007A) plus one.
- number
-
Number of digits (0-9, U+0030-U+0039) plus one.
- punctuation
-
Double the number of characters in the range U+0000-U+007F that don't fall into the above categories plus one.
- special
-
Number of other characters (U+0080 and up) plus one.
- level
-
Rough estimate of the security level of the password. This is a natural log of the square of the multiplication of the previous 5 keys.
- password
-
The password, after being trimmed.
password_strong
if( password_string( $password ) ) {
}Returns true if the security of $password is ten (10) or greater. Returns false otherwise. You may also pass in the hashref returned by "password_security".
password_medium
if( password_medium( $password ) ) {
}Returns true if the security of $password is five (5) or greater. Returns false otherwise. You may also pass in the hashref returned by "password_security".
password_weak
if( password_weak( $password ) ) {
}Returns true if the security of $password is below 5. Returns false otherwise. You may also pass in the hashref returned by "password_security".
password_advice
my $need = password_advice( $password );Returns one category that needs to be impoved. This could then be used to give advice to the user on how to improve his password.
Simply, it looks for the first category that is not in the password.
METHODS
Data::Password::Check::JPassword also provides class methods with for an object-oriented interface.
security
my $c = Data::Password::Check::JPassword->security( $password );See "password_security".
is_strong
if( Data::Password::Check::JPassword->is_strong( $password ) ) {
}See "password_strong".
is_medium
if( Data::Password::Check::JPassword->is_medium( $password ) ) {
}See "password_medium".
is_weak
if( Data::Password::Check::JPassword->is_weak( $password ) ) {
}See "password_weak".
advice
my $category = Data::Password::Check::JPassword->advice( $password );See "password_advice".
SEE ALSO
jPassword plugin, Data::Password::Simple, Data::Password::Entropy, Data::Password::BasicCheck
AUTHOR
Philip Gwyn, <fil@localdomain>
COPYRIGHT AND LICENSE
Copyright (C) 2013 by Philip Gwyn
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.