Re: Re: Minimal password checking: a summary

Yesterday night I worked on your suggestion: unfortunately there are many symbols that cannot be mapped uniquely; for example the number 1 could well be mapped to 'l' and 'i' and 'I'; the same holds for other symbols that could be mapped to more than one letter. Taking each and every possibile combination could take a lot of time, and you are always leaving something out.

That's why I chose not to implement it even in a simple form. But if you have some efficient code that takes into account the special cases, you are welcome :-)

Ciao!
--bronto

The very nature of Perl to be like natural language--inconsistant and full of dwim and special cases--makes it impossible to know it all without simply memorizing the documentation (which is not complete or totally correct anyway).
--John M. Dlugosz

Comment on Re: Re: Minimal password checking: a summary

Replies are listed 'Best First'.
Re: Re: Re: Minimal password checking: a summary by dbwiz (Curate) on Jul 30, 2003 at 13:07 UTC
There is a simple way. Instead of checking if a password looks like a username, you can first translate the username into this sort of "code" and then check if they look the same. Something along the lines of my %codes = ( l => 1, L => 1, i => 1, I => 1, z => 2, Z => 2, e => 3, E => 3, h => 4, H => 4, s => 5, S => 5, G => 6, g => 9, t => 7, T => 7, b => 8, B => 8, o => 0, O => 0 ); my $user = 'pileofdung'; my $translated; for (split //, $user) { $translated .= (defined $codes{$_}) ? $codes{$_} : $_; } print $translated,$/; # p1130fdun9 my $password = 'p113.0f.dun9%'; my $match =0; for (split //, $translated) { $match++ if $password =~ /$_/ } print "they match\n" if $match >= length($password) -2; # you can choose how lax you want to be by # setting an appropriate number of characters that # you want to be different between username and password # in this case if all but 2 characters are the same, it # is a bad password [download] Of course, you can use any other comparing methods, but just to give you some ideas to play with.	[reply] [d/l]
Re: Re: Re: Re: Minimal password checking: a summary by bronto (Priest) on Aug 08, 2003 at 13:41 UTC
You are still assuming that a unique mapping is possible, but it isn't. I investigated a little about what symbols and numbers people use to substitute to alphabetic characters, and I had this table: `a/A: @,4 b/B: 6,8,& d/D: 0 e/E: 3,& f/F: # g/G: 9 h/H" # i/I: 1,l j/J: 1 l/L: 1 o/O: 0 p/P: 9 q/Q: 9 s/S: $,5 t/T: + z/Z: 2,7,%` [download] As you can see, a single letter can map to three characters, and a single symbol can map to many characters... A solution could be a junction, but we are speaking about Perl 5, and junctions will come with Perl 6... Any Perl 5 solution of this problem? Ciao! `--bronto` The very nature of Perl to be like natural language--inconsistant and full of dwim and special cases--makes it impossible to know it all without simply memorizing the documentation (which is not complete or totally correct anyway). --John M. Dlugosz	[reply] [d/l]
Re: Re: Re: Re: Re: Minimal password checking: a summary by larsen (Parson) on Aug 08, 2003 at 13:45 UTC
A solution could be a junction, but we are speaking about Perl 5, and junctions will come with Perl 6... Any Perl 5 solution of this problem? Junctions are called Quantum::Superpositions in Perl 5 :)	[reply]