Re: Re: Re: Minimal password checking: a summary

There is a simple way. Instead of checking if a password looks like a username, you can first translate the username into this sort of "code" and then check if they look the same. Something along the lines of

my %codes = (
  l => 1, L => 1,
  i => 1, I => 1,
  z => 2, Z => 2,
  e => 3, E => 3,
  h => 4, H => 4,
  s => 5, S => 5,
  G => 6, g => 9,
  t => 7, T => 7,
  b => 8, B => 8,
  o => 0, O => 0
  );
my $user = 'pileofdung';
my $translated;

for (split //, $user) {
    $translated .= (defined $codes{$_}) ?  $codes{$_} : $_;
}

print $translated,$/; # p1130fdun9

my $password = 'p113.0f.dun9%';

my $match =0;
for (split //, $translated) {
    $match++  if $password =~ /$_/
}
print "they match\n" if $match >= length($password) -2;
# you can choose how lax you want to be by
# setting an appropriate number of characters that
# you want to be different between username and password
# in this case if all but 2 characters are the same, it
# is a bad password
[download]

Of course, you can use any other comparing methods, but just to give you some ideas to play with.

Comment on Re: Re: Re: Minimal password checking: a summary Download Code

Replies are listed 'Best First'.
Re: Re: Re: Re: Minimal password checking: a summary by bronto (Priest) on Aug 08, 2003 at 13:41 UTC
You are still assuming that a unique mapping is possible, but it isn't. I investigated a little about what symbols and numbers people use to substitute to alphabetic characters, and I had this table: `a/A: @,4 b/B: 6,8,& d/D: 0 e/E: 3,& f/F: # g/G: 9 h/H" # i/I: 1,l j/J: 1 l/L: 1 o/O: 0 p/P: 9 q/Q: 9 s/S: $,5 t/T: + z/Z: 2,7,%` [download] As you can see, a single letter can map to three characters, and a single symbol can map to many characters... A solution could be a junction, but we are speaking about Perl 5, and junctions will come with Perl 6... Any Perl 5 solution of this problem? Ciao! `--bronto` The very nature of Perl to be like natural language--inconsistant and full of dwim and special cases--makes it impossible to know it all without simply memorizing the documentation (which is not complete or totally correct anyway). --John M. Dlugosz	[reply] [d/l]
Re: Re: Re: Re: Re: Minimal password checking: a summary by larsen (Parson) on Aug 08, 2003 at 13:45 UTC
A solution could be a junction, but we are speaking about Perl 5, and junctions will come with Perl 6... Any Perl 5 solution of this problem? Junctions are called Quantum::Superpositions in Perl 5 :)	[reply]