I'm going to agree with what a few others have said and say that you not worry about repeating patterns. Even if a password was ztztztzt, its not anymore likely to be cracked than any other string. What you really have to worry about is passwords that would be in a common dictionary file.

Another thing to consider is every word in a certain dictionary file, plus either appending any two characters, or prepending any two characters. The addition of two characters is not a far stretch for a password cracker to get.

A good idea might be to get a really good dictionary file, then search the password for any substrings that are one of those dictionary words. Then perhaps you could find out how many characters in the password are not said substring, and have some constant number that you check this against.

If you need a strong password policy, I suggest forcing users to use at least ten characters, and suggest that they choose a line from a favorite song, then grab the first or second letter of each word to make up there password. This makes it secure and easy to remember. Easy to remember is important because if your users are writing their passwords down everywhere, there not exactly secure.

In reply to Re: Minimal password check, again by SyN/AcK
in thread Minimal password check, again by bronto

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.