パスワードの強度を確認する方法
このスクリプトを書きましたが、[:alnum:]は機能しません。誰か助けて?
echo -n "Enter a password : "
read password
LEN=$(echo ${#password})
if [ $LEN -lt 10 ]; then
echo "$password is smaller than 10 characters"
else
if ! [ -z `echo $password | tr -d "[:alnum:]"` ]; then
echo "$password is a weak password"
else
echo "$password is a strong password"
fi
fi
echo
パスワードの強度を本当に確認したい場合は、cracklib-checkパッケージのcracklib-runtimeを使用する必要があります(デフォルトでインストールされます)。
$ echo foo | cracklib-check
foo: it is WAY too short
$ echo foobar | cracklib-check
foobar: it is based on a dictionary Word
$ echo foobared | cracklib-check
foobared: it is based on a dictionary Word
$ echo foobared123 | cracklib-check
foobared123: it is too simplistic/systematic
$ echo '!'foobared123 | cracklib-check
!foobared123: OK
匂いはひどく、私にとってはXY問題のようです。 パスワードを操作するための独自のツールを作成することはありません。少なくともここでパスワードの保存を扱っているわけではありませんが、コードで最初に頭に浮かぶのは、すべてを入力できることです-数字のパスワードと「強力な」と考えさせる(実際には、アルファベットのみのパスワードよりもはるかに弱い)。セキュリティ/パスワード処理へのこのアプローチを続けると、遅かれ早かれ落ちてしまい、それが起こったときにきれいにならないでしょう。
正しい解決策は、外部ライブラリまたはヘルパーアプリケーションを使用してパスワードの強度を決定する(および他のパスワード関連タスクを実行する)ことです。最近のほとんどのLinuxシステムには、安全な方法ですべての認証関連タスクを実行できるPAMがあります(ボーナスとして、ユーザーのシステムの構成方法に応じて、パスワード以外の認証方法のサポートが得られます)。パスワードの強度を決定するヘルパーアプリケーション。
パスワードを作成する良い方法が必要な場合
見る
あなたの質問:パスワードの強度を確認する方法は?
パスワードの特定の側面のみをチェックするか、各メソッドに特定のツールを使用してパスワードまたは一般的なブルートフォースメソッドを作成できます(攻撃者がメソッドを知らない場合)。
Shellscript pwdcheck using cracklib-check
#!/bin/bash
# setting variables
usage="Use 4 words chosen randomly, see this link:
https://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase"
minlen=20 # can be modified here
short="is shorter than $minlen characters"
goodmix="is long enough"
badmix="is too short
$usage"
separator="-------"
# checking parameter
if [ "$1" == "-h" ] || [ "$1" == "--help" ] || [ $# -gt 1 ]; then
echo "${0##*/} uses 'cracklib-check'"
echo "----------------------------------------------------------------"
echo "Usage: $0 CandidateContaining4DifferentWords"
echo "Example: $0 At-least-$minlen-char"
echo " $0 'Should.be.selected.via.*random*.process'"
echo " $0 'Single-quote-for-1-special-character!'"
echo " $0 'FindPatternByDigitalTest123'"
echo " $0 'Provoke1pattern2search3by4separating5words'"
echo "$usage"
exit
Elif [ $# -eq 0 ]; then
echo "$usage"
echo "----------------------------------------------------------------"
read -p "Enter a password : " password
Elif [ $# -eq 1 ]; then
password="$1"
fi
# checking and installing if necessary
which cracklib-check > /dev/null
if [ $? -eq 1 ]; then
read -p "Do you want to install 'cracklib-runtime' to get 'cracklib-check'? (y/N) " ans
if [ "$ans" == "y" ]; then
Sudo apt-get update && Sudo apt-get install cracklib-runtime
fi
fi
if [ ${#password} -lt $minlen ]; then
result="$short"
else
result="$goodmix"
case "$password" in
*[![:alnum:]]*)
alnm="'$password' contains characters other than ASCII letters and digits";;
# result="$badmix";;
*)
alnm="$password contains only ASCII letters and digits";;
esac
fi
echo "Test 1 - size&mix: '$password' $result"
test ${#password} -lt $minlen || echo "$alnm"
if [ "$result" == "$badmix" ] || [ "$result" == "$short" ]; then
total="is bad"
else
total='is good'
fi
echo "$separator"
echo "Test 2 - Lexicon: '$password'"
sed -e 's/[0-9]/123\n/g' -e 's/$//' -e 's/[§!@£$€#¤%/()=?*,;.:_-~ ]/123\n/g' -e 's/$/123/g' \
<<< "$password" | LANG=C cracklib-check |sed 's/123: /: /'| \
grep 'it is based on a dictionary Word'
if [ $? -ne 0 ]; then
echo 'no comment'
fi
echo "$separator"
echo "Test 3 - digital: '$password'"
sed -e 's/[[:alpha:]]//g' -e 's/[§!@£$€#¤%/()=?*,;.:_-~ ]//g' -e 's/$/xyz/' \
<<< "$password" | LANG=C cracklib-check |sed 's/xyz: /: /'| \
grep 'it is too simplistic/systematic'
if [ $? -eq 0 ]; then
total='is bad'
else
echo 'is good'
fi
echo "$separator"
echo "Test 4 - cracklib-check: '$password'"
LANG=C cracklib-check <<< "$password" | tee /dev/stderr | grep ': OK' > /dev/null
if [ $? -eq 0 ]; then
echo='is good'
else
total='is bad'
fi
if [ "$total" == "is good" ]; then
echo "$separator"
ans=
while [ "$ans" != "g" ] && [ "$ans" != "b" ]
do
read -p "Test 5 - manual: Is '$password' a good or bad password? (g/b) " ans
if [ "$ans" == "g" ]; then
echo 'is good'
Elif [ "$ans" == "b" ]; then
total='is bad'
echo "$total"
fi
done
fi
echo "$separator"
if [ "$total" == "is good" ]; then
echo "Every test result for '$password' $total: No weakness found :-)"
else
echo "Some test result for '$password' $total: Some weakness found :-("
fi
ヘルプテキスト
現在のディレクトリ、テストディレクトリで実行します。シェルスクリプトファイルがある場所、
$ ./pwdcheck -h
pwdcheck uses 'cracklib-check'
----------------------------------------------------------------
Usage: ./pwdcheck CandidateContaining4DifferentWords
Example: ./pwdcheck At-least-20-char
./pwdcheck 'Should.be.selected.via.*random*.process'
./pwdcheck 'Single-quote-for-1-special-character!'
./pwdcheck 'FindPatternByDigitalTest123'
./pwdcheck 'Provoke1pattern2search3by4separating5words'
Use 4 words chosen randomly, see this link:
https://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase
Cracklibプログラムパッケージ
$ apt-cache policy cracklib-runtime
cracklib-runtime:
Installerad: 2.9.2-1ubuntu1
Kandidat: 2.9.2-1ubuntu1
Versionstabell:
*** 2.9.2-1ubuntu1 500
500 http://se.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
100 /var/lib/dpkg/status
2.9.2-1build2 500
500 http://se.archive.ubuntu.com/ubuntu xenial/main i386 Packages
ヘルプテキストからさまざまな例をテストする
手動テストは重要ですが、賢く使用してください
手動での検査と「テスト」は、本当に悪いパスワードを避けるために重要かもしれませんが、評判の良い自動ランダム方式を使用した場合は、それに頼って結果の改ざんを避けるべきです、おそらくパスワードを解読しやすくするためです。
$ ./pwdcheck CandidateContaining4DifferentWords
Test 1 - size&mix: 'CandidateContaining4DifferentWords' is long enough
CandidateContaining4DifferentWords contains only ASCII letters and digits
-------
Test 2 - Lexicon: 'CandidateContaining4DifferentWords'
no comment
-------
Test 3 - digital: 'CandidateContaining4DifferentWords'
is good
-------
Test 4 - cracklib-check: 'CandidateContaining4DifferentWords'
CandidateContaining4DifferentWords: OK
-------
Test 5 - manual: Is 'CandidateContaining4DifferentWords' a good or bad password? (g/b) b
is bad
-------
Some test result for 'CandidateContaining4DifferentWords' is bad: Some weakness found :-(
# comment: This password is published here!
##### Short password #####
$ ./pwdcheck At-least-20-char
Test 1 - size&mix: 'At-least-20-char' is shorter than 20 characters
-------
Test 2 - Lexicon: 'At-least-20-char'
least: it is based on a dictionary Word
char: it is based on a dictionary Word
-------
Test 3 - digital: 'At-least-20-char'
is good
-------
Test 4 - cracklib-check: 'At-least-20-char'
At-least-20-char: OK
-------
Some test result for 'At-least-20-char' is bad: Some weakness found :-(
##### Reminder about random process #####
$ ./pwdcheck 'Should.be.selected.via.*random*.process'
Test 1 - size&mix: 'Should.be.selected.via.*random*.process' is long enough
'Should.be.selected.via.*random*.process' contains characters other than ASCII letters and digits
-------
Test 2 - Lexicon: 'Should.be.selected.via.*random*.process'
Should: it is based on a dictionary Word
selected: it is based on a dictionary Word
via: it is based on a dictionary Word
random: it is based on a dictionary Word
process: it is based on a dictionary Word
-------
Test 3 - digital: 'Should.be.selected.via.*random*.process'
is good
-------
Test 4 - cracklib-check: 'Should.be.selected.via.*random*.process'
Should.be.selected.via.*random*.process: OK
-------
Test 5 - manual: Is 'Should.be.selected.via.*random*.process' a good or bad password? (g/b) g
is good
-------
Every test result for 'Should.be.selected.via.*random*.process' is good: No weakness found :-)
# comment: Do not use the password literally ;-)
##### Single quote the password, if you intend to use special characters #####
##### Words are found by Lexicon test (using cracklib-check), and accepted #####
$ ./pwdcheck 'Single-quote-for-1-special-character!'
Test 1 - size&mix: 'Single-quote-for-1-special-character!' is long enough
'Single-quote-for-1-special-character!' contains characters other than ASCII letters and digits
-------
Test 2 - Lexicon: 'Single-quote-for-1-special-character!'
Single: it is based on a dictionary Word
quote: it is based on a dictionary Word
for: it is based on a dictionary Word
special: it is based on a dictionary Word
character: it is based on a dictionary Word
-------
Test 3 - digital: 'Single-quote-for-1-special-character!'
is good
-------
Test 4 - cracklib-check: 'Single-quote-for-1-special-character!'
Single-quote-for-1-special-character!: OK
-------
Test 5 - manual: Is 'Single-quote-for-1-special-character!' a good or bad password? (g/b) b
is bad
-------
Some test result for 'Single-quote-for-1-special-character!' is bad: Some weakness found :-(
##### Showing how the digital test works (it uses cracklib-check) #####
$ ./pwdcheck 'FindPatternByDigitalTest123'
Test 1 - size&mix: 'FindPatternByDigitalTest123' is long enough
FindPatternByDigitalTest123 contains only ASCII letters and digits
-------
Test 2 - Lexicon: 'FindPatternByDigitalTest123'
no comment
-------
Test 3 - digital: 'FindPatternByDigitalTest123'
123: it is too simplistic/systematic
-------
Test 4 - cracklib-check: 'FindPatternByDigitalTest123'
FindPatternByDigitalTest123: OK
-------
Some test result for 'FindPatternByDigitalTest123' is bad: Some weakness found :-(
##### Showing the Lexicon test and the digital test #####
$ ./pwdcheck 'Provoke1pattern2search3by4separating5words'
Test 1 - size&mix: 'Provoke1pattern2search3by4separating5words' is long enough
Provoke1pattern2search3by4separating5words contains only ASCII letters and digits
-------
Test 2 - Lexicon: 'Provoke1pattern2search3by4separating5words'
Provoke: it is based on a dictionary Word
pattern: it is based on a dictionary Word
search: it is based on a dictionary Word
separating: it is based on a dictionary Word
words: it is based on a dictionary Word
-------
Test 3 - digital: 'Provoke1pattern2search3by4separating5words'
12345: it is too simplistic/systematic
-------
Test 4 - cracklib-check: 'Provoke1pattern2search3by4separating5words'
Provoke1pattern2search3by4separating5words: OK
-------
Some test result for 'Provoke1pattern2search3by4separating5words' is bad: Some weakness found :-(
##### Run interactively without any parameter #####
$ ./pwdcheck
Use 4 words chosen randomly, see this link:
https://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase
----------------------------------------------------------------
Enter a password : CandidateContaining4DifferentWords
Test 1 - size&mix: 'CandidateContaining4DifferentWords' is long enough
CandidateContaining4DifferentWords contains only ASCII letters and digits
-------
Test 2 - Lexicon: 'CandidateContaining4DifferentWords'
no comment
-------
Test 3 - digital: 'CandidateContaining4DifferentWords'
is good
-------
Test 4 - cracklib-check: 'CandidateContaining4DifferentWords'
CandidateContaining4DifferentWords: OK
-------
Test 5 - manual: Is 'CandidateContaining4DifferentWords' a good or bad password? (g/b) g
is good
-------
Every test result for 'CandidateContaining4DifferentWords' is good: No weakness found :-)
sudodus@xenial32 /media/multimed-2/test/test0/pwdstrength $
td -d "[:alnum:]"
私のために働く:
$> echo '123§45!67M89(0' | tr -d "[:alnum:]"
§!(
次のように使用できます
#!/bin/bash
echo -n "Enter a password : "
read password
LEN=$(echo ${#password})
if [ $LEN -lt 10 ]; then
echo "$password is smaller than 10 characters"
else
if [ $(echo $password | tr -d "[:alnum:]" | wc -w) -eq 0 ]; then
echo "$password is a weak password"
else
echo "$password is a strong password"
fi
fi echo
wc -wは単語をカウントします。
したがって、すべての
alnumを削除し、単語数が0=> true =>弱いパスワードである場合ワード数が
1の場合(またはスペースが使用されている場合はそれ以上)=> false =>強力なパスワード