Merozey's Password Strengthen Checker!


(Merozey) #1

In today’s world, there are key things in the digital world that are crucial to keep your digital life secure. If you ask me, there are primarily two that are the most important to secure.

Your e-mail & password.

Like we all know, everybody is lazy and chooses an easy to remember password, and probably also quick to type, which means it’s short. In my experience, it’s mostly people who are unaware of the great dangers of this lack of precaution.


And, of course, your email is likely associated with the vast majority of your existing accounts right now. Am I right? Or at least, the majority of these people are again outside of the hacking aspect.

Therefore, I have pondered something, and I want to write a Password Strengthen Checker. I am fully aware of the many password strengthen checkers that are currently out there already, such as on the major companies’ websites for when you sign up. However, to create a good and relevant password strengthen checker, it’s important you also understand how easy it is to crack passwords, hybrid attacks, dictionary attacks, rainbow tables etc.

By understanding the thorough details of these important aspects, you can then understand how sophisticated of a password you’ll need to create. And as we all know, even though we create such a password, there will always be one company that is able to crack that password in minutes. I’m sure you know who I’m insinuating.


Conclusion

So, if I were to write this program, I was wondering if you guys would be interested in using it. And analyzing it, if you want to also.


#2

I would be very interested in using it. Great idea mate!


(oaktree) #3

Hmm… I could totally throw one together!!!

EDIT:

@Merozey: are these what you had in mind?

Version 0

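#include <ctype.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(void) {
    char pw[64];
    scanf("%s",pw); // no field width: input longer than 63 characters overflows pw

    double score = 0.0;
    int i,n;
    for (i = 0, n = strlen(pw); i < n; i++) {
        unsigned char c = (unsigned char)pw[i]; // ctype functions need unsigned char values
        if (isalpha(c)) {
            score += 1.0; // add 1.0 for each letter
        } else if (isdigit(c)) {
            score += 3.0 / (double)(i + 1); // digits count less toward the end; i + 1 avoids dividing by zero at index 0
        } else {
            score += 5.0 / (double)(i + 1); // same position weighting for every other character
        }
    }

    printf("[*] Password score is: %d\n", (int)score);
    return 0;
}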

Version 1

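#include <ctype.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(void) {
    char pw[64];
    scanf("%s",pw); // no field width: input longer than 63 characters overflows pw

    double score;
    int i,n, letters = 0, nums = 0, not_alphanum = 0;
    for (i = 0, n = strlen(pw); i < n; i++) {
        unsigned char c = (unsigned char)pw[i]; // ctype functions need unsigned char values
        if (isalpha(c)) {
            letters++;
        } else if (isdigit(c)) {
            nums++;
        } else {
            not_alphanum++;
        }
    }

    // weighted sum of the class counts; 3.0 keeps the letter term from truncating to an integer
    score = letters / 3.0 + not_alphanum + nums / 1.5;
    printf("[*] Password score is: %d\n", (int)score);
    return 0;
}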

They are essentially different styles of computing a weighted score based on the frequency of certain classes of characters. Version 0 takes position into account (ex. the closer a number is to the end of the password, the less it is worth).

You may want to play around with the weighting. Each version can yield drastically different results.


#4

The buffer overflow is too strong. There’s also no need to store the input string, you can just use getchar and test each character, then discard the result.
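
The approach suggested in #4, as an added example that is not part of any poster's code: each character is read with getc, classified and discarded, so there is no fixed-size buffer to overflow. The names pw_counts, pw_feed, pw_score and pw_score_stream are hypothetical, and the weights are Version 1's with floating-point division throughout.

```c
#include <ctype.h>
#include <stdio.h>

/* Running counts per character class; no copy of the password is kept. */
struct pw_counts {
    unsigned long letters, digits, others;
};

/* Classify one input byte and update the counts. */
static void pw_feed(struct pw_counts *c, int ch)
{
    unsigned char u = (unsigned char)ch; /* ctype functions need unsigned char values */
    if (isalpha(u))
        c->letters++;
    else if (isdigit(u))
        c->digits++;
    else
        c->others++;
}

/* Same weights as Version 1: letters/3 + others + digits/1.5 */
static double pw_score(const struct pw_counts *c)
{
    return c->letters / 3.0 + c->others + c->digits / 1.5;
}

/* Score one whitespace-delimited token of any length, as scanf("%s") would read it. */
static double pw_score_stream(FILE *in)
{
    struct pw_counts c = {0, 0, 0};
    int ch;
    while ((ch = getc(in)) != EOF && isspace(ch)) {
        /* skip leading whitespace */
    }
    for (; ch != EOF && !isspace(ch); ch = getc(in))
        pw_feed(&c, ch);
    return pw_score(&c);
}

int main(void)
{
    printf("[*] Password score is: %d\n", (int)pw_score_stream(stdin));
    return 0;
}
```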


(oaktree) #5

I wrote it quickly. Nonetheless, going character by character is a good idea. Thanks, @dtm – and remember, I’m a C++ guy most of the time, so I don’t see BO instantly; I’d have to be looking.


#6

I know, I know. Any reason you didn’t do it in C++?


(Command-Line Ninja) #7

Awesome idea! If you’re wondering about pure bruteforce https://howsecureismypassword.net/ is your friend.


(oaktree) #8

I was using an older laptop with a fresh install of Linux+i3, so I figured it would definitely have the C compiler. I was wrong; I ended up having to connect to WiFi via command line to ‘apt-get’ the GNU C/C++ tools.