Sunday, November 11, 2012

Test Your Passwords

This is a little follow-up to the post about learning to program in Python.
I thought I would throw some code out there for people to play with.

This program is written in Python 3. It prompts the user for a password to test, compares it to complexity requirements, and then checks whether it appears in a file called passwords.txt in the working directory. It tells the user whether the password meets the complexity requirements, currently set to Windows' standard for complexity (8+ characters and 3 of the 4 categories: upper case, lower case, number or special characters). There are some unused functions, such as num_specials(), that are there in case you want to customize it for stricter password requirements.

You will need to provide a passwords.txt file listing, one per line, the passwords that the user should not use. A good place to look for password lists is pastebin.com.

If you are learning Python then take a look at the code, run it in IDLE, play with the functions, and see if you can extend it to do something cool.

If you are not learning Python, that's cool: just place a passwords.txt file in the same directory, full of words you don't think are good to use (the top 10 most used passwords is a start), and run it like so:

python3 passwordStrengthChecker.py

Anyway, here is that code:


CompromisedPasswordList = 'passwords.txt'

def min_length(string, length):
    ''' (str, int) -> bool
    Returns True if string is length characters or longer
    '''
    return(len(string) >= length)

def contains_upper(string):
    ''' (str) -> bool
    Returns True if string contains upper case characters
    '''
    for char in string:
        if(char in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'):
            return True
    return False

def num_uppers(string):
    ''' (str) -> int
    Returns the number of upper case characters found in string
    '''
    uppers_found = 0
    for char in string:
        if(char in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'):
            uppers_found = uppers_found + 1
    return uppers_found

def contains_lower(string):
    ''' (str) -> bool
    Returns True if string contains lower case characters
    '''
    for char in string:
        if(char in 'abcdefghijklmnopqrstuvwxyz'):
            return True
    return False

def num_lowers(string):
    ''' (str) -> int
    Returns the number of lower case characters found in string
    '''
    lowers_found = 0
    for char in string:
        if(char in 'abcdefghijklmnopqrstuvwxyz'):
            lowers_found = lowers_found + 1
    return lowers_found

def contains_num(string):
    ''' (str) -> bool
    Returns True if string contains numbers
    '''
    for char in string:
        if(char in '1234567890'):
            return True
    return False

def num_nums(string):
    ''' (str) -> int
    Returns the number of digits found in string
    '''
    nums_found = 0
    for char in string:
        if(char in '1234567890'):
            nums_found = nums_found + 1
    return nums_found

def contains_special(string):
    ''' (str) -> bool
    Returns True if string contains special characters such as !@#$%^&*
    '''
    for char in string:
        if(char not in 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'):
            return True
    return False

def num_specials(string):
    ''' (str) -> int
    Returns the number of special characters found in string
    '''
    specials_found = 0
    for char in string:
        if(char not in 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'):
            specials_found = specials_found + 1
    return specials_found

def meets_policy(string):
    ''' (str) -> bool
    Returns True if password policy is met
    '''
    # Policy: at least 8 characters and at least 3 of the 4 character categories
    categories = (contains_upper, contains_lower, contains_num, contains_special)
    categories_met = sum(bool(check(string)) for check in categories)
    return min_length(string, 8) and categories_met >= 3

def inCompromisedPasswordList(usersPassword):
    ''' (str) -> bool
    Returns true if usersPassword is in the list defined in CompromisedPasswordList
    '''
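    # 'with' closes the file on every return path; errors='replace' keeps
    # word lists containing non-UTF-8 bytes from crashing the check
    with open(CompromisedPasswordList, 'r', encoding='utf-8', errors='replace') as list_file:
        for line in list_file:
            # strip only the line ending, so a final line without a newline still matches
            if usersPassword == line.rstrip('\r\n'):
                return True
    return False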


# Only prompt when run as a script, so the functions can be imported and tried in IDLE
if __name__ == '__main__':
    # check if password meets policy
    usersPassword = input('Type the password you want to test: ')

    if(meets_policy(usersPassword)):
        print('Congrats, your password meets the minimum complexity requirements')
    else:
        print('Fail! This password does not meet our complexity requirements.')

    # check if password is in the list of known passwords
    if(inCompromisedPasswordList(usersPassword)):
        print('You should not use this password because it is in a list of passwords recently\nstolen from websites that can be downloaded from the internet.\nThe bad guys often start with passwords they already know people use.')
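
The post suggests using the counting helpers such as num_specials() to build a stricter policy. One way to do that, as an added example that is not part of the original program: the names category_counts and policy_failures, the thresholds, and the sample blocklist are all assumptions made for illustration. It reports why a password fails instead of a single pass/fail, and compares against the blocklist case-insensitively.

```python
import string

ASCII_UPPER = set(string.ascii_uppercase)
ASCII_LOWER = set(string.ascii_lowercase)
DIGITS = set(string.digits)

def category_counts(password):
    """Count characters per category. As in the post's functions, anything
    that is not an ASCII letter or digit (including 'é') counts as special."""
    counts = {'upper': 0, 'lower': 0, 'digit': 0, 'special': 0}
    for char in password:
        if char in ASCII_UPPER:
            counts['upper'] += 1
        elif char in ASCII_LOWER:
            counts['lower'] += 1
        elif char in DIGITS:
            counts['digit'] += 1
        else:
            counts['special'] += 1
    return counts

def policy_failures(password, min_len=12, minimums=None, blocklist=()):
    """Return the list of reasons the password fails; an empty list means it passes."""
    if minimums is None:
        # Assumed thresholds for a stricter policy than the post's 3-of-4 rule
        minimums = {'upper': 1, 'lower': 1, 'digit': 2, 'special': 1}
    failures = []
    if len(password) < min_len:
        failures.append('shorter than %d characters' % min_len)
    counts = category_counts(password)
    for category, needed in minimums.items():
        if counts[category] < needed:
            failures.append('needs at least %d %s character(s)' % (needed, category))
    # Normalise both sides so "PASSWORD" is caught by a list containing "password"
    blocked = {word.strip().lower() for word in blocklist}
    if password.lower() in blocked:
        failures.append('appears in the list of known passwords')
    return failures

# Constructed sample standing in for the lines of passwords.txt
SAMPLE_BLOCKLIST = ['password\n', '123456\n', 'letmein\n', 'qwerty']

if __name__ == '__main__':
    for candidate in ('Password1!', 'PASSWORD', 'Correct-Horse-42-Battery'):
        print(candidate, '->', policy_failures(candidate, blocklist=SAMPLE_BLOCKLIST) or 'OK')
```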




