Checking password strength with CrackLib
Password complexity is a fine balance between memorable passwords and crackable passwords. But how do you measure that? For instance, "john192" is much easier to crack than "9john2". However, password strength tests approach both with the same algorithm. Even company policies are being made up requiring passwords to carry a certain number of digits or symbols.
A fine line is drawn by CrackLib, a library with a long Unix heritage designed for the single purpose of assessing password strength. This article is about how to integrate CrackLib into a password verification field.
You can see a demo here: http://agiletech.ie/pwcheck/
Preparing the back-end
Probably all Linux distributions come with cracklib. Look for /usr/sbin/cracklib-check; you will need it to perform the check. This executable takes passwords on stdin and outputs either OK or an error message on stdout. We are going to use the System/ProcessIO class from ATK to interact with it:
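The article's own back-end code uses ATK's System/ProcessIO class, which is not reproduced here. The following is an added example (not from the article or from ATK) that performs the same exchange in Python: it feeds one candidate password to cracklib-check on stdin, never on the command line where it would be visible in the process list, and parses the "candidate: verdict" line the tool prints. The binary path /usr/sbin/cracklib-check is the one the article names; the assumed output format is "<password>: OK" or "<password>: <reason>", and the function fails closed on anything unexpected.

```python
import os
import subprocess

# Path named in the article; adjust if your distribution installs it elsewhere.
CRACKLIB_CHECK = "/usr/sbin/cracklib-check"


def parse_cracklib_output(line: str, password: str) -> tuple[bool, str]:
    """Parse one line of cracklib-check output.

    cracklib-check echoes the candidate followed by ': ' and either 'OK'
    or a human-readable reason for rejection, for example
        john192: it is too simplistic/systematic
    Returns (accepted, message). The message is safe to show to the user;
    the raw line is not, because it contains the password itself.
    """
    line = line.rstrip("\r\n")
    prefix = password + ": "
    if not line.startswith(prefix):
        # Unexpected output: fail closed rather than accept the password.
        return False, "unexpected cracklib-check output"
    verdict = line[len(prefix):]
    return verdict == "OK", verdict


def check_password(password: str, binary: str = CRACKLIB_CHECK) -> tuple[bool, str]:
    """Run cracklib-check on a single password and return (accepted, message)."""
    if not password:
        return False, "empty password"
    # cracklib-check reads one candidate per line; a line break inside the
    # password would be interpreted as a second candidate.
    if "\n" in password or "\r" in password:
        return False, "password must not contain line breaks"
    if not os.access(binary, os.X_OK):
        # Missing checker: refuse rather than silently accept everything.
        return False, "cracklib-check is not available at " + binary
    try:
        proc = subprocess.run(
            [binary],
            input=password + "\n",  # stdin, so the password never appears in argv
            capture_output=True,
            text=True,
            timeout=5,
        )
    except subprocess.TimeoutExpired:
        return False, "cracklib-check timed out"
    # Exit status is not a reliable verdict; parse the first stdout line.
    first_line = proc.stdout.splitlines()[0] if proc.stdout else ""
    return parse_cracklib_output(first_line, password)


if __name__ == "__main__":
    # Constructed sample candidates, mirroring the article's examples.
    for candidate in ("john192", "9john2"):
        accepted, message = check_password(candidate)
        print("%s: %s" % ("accepted" if accepted else "rejected", message))
```

Only the verdict text is returned to the caller; the echoed line that contains the password itself stays inside the function so it cannot leak into application logs. The parsing step is separated from the process call so it can be tested without cracklib installed.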
Next, we will need to create a form with a password field:
Now, the easiest would be if we submitted the form every time the user types something; however, you can also use "ajaxec". (If you want me to explain how to use that, please let me know in the comments section.)
$p->template->set('after_field', '<br/><span id="'.$p->name.'_strength"> </span>');
We even take care of the message color. Probably my designer would be happier if I changed the class here instead; then he would be able to prepend the message with an image. There you have it. I also changed the template of the page to contain a light-weight CMS before and after the form. http://www.agiletech.ie/pwcheck/