In my organization, users must generate a password from numbers only (keypads are used to access), minimum length is 8 numbers. How can I make sure the password the user generats is not too weak (using c# on server procossing password change request), applying the following rule:
The regular expression is:
^((?!(?<ch>.)\k<ch>\k<ch>)(?!012|123|234|345|456|567|678|789|890)[0-9]){8,}$
The (?!(?<ch>.)\k<ch>\k<ch>) will check for the same character repeated thrice. Note that for the various contiguous sequences I had to put them in a list of possible sequences, (?!012|123|234|345|456|567|678|789|890). [0-9] is the character that will be accepted as valid. The {8,} is for the minimum length.
If you want a general-purpose approach which tells you the number of repeated, ascending and descending digits:
static void checkStrength(string text, out int maxRepeats, out int maxAscending, out int maxDescending)
{
maxRepeats = 0;
maxAscending = 0;
maxDescending = 0;
int currRepeats = 0;
int currAscending = 0;
int currDescending = 0;
for (int i = 1; i < text.Length; ++i)
{
char curr = text[i];
char prev = text[i-1];
if (curr - prev == -1)
maxDescending = Math.Max(maxDescending, ++currDescending);
else
currDescending = 1;
if (curr - prev == 1)
maxAscending = Math.Max(maxAscending, ++currAscending);
else
currAscending = 1;
if (curr == prev)
maxRepeats = Math.Max(maxRepeats, ++currRepeats);
else
currRepeats = 1;
}
}
You would have to call this and then do what you want with the results:
int maxRepeats, maxAscending, maxDescending;
checkStrength(text, out maxRepeats, out maxAscending, out maxDescending);
if (maxRepeats > REPEAT_LIMIT || maxAscending > ASCENDING_LIMIT || maxDescending > DESCENDING_LIMIT)
{
// ... report error or whatever
}
If you don't need to vary the allowed number of repeated or ascending digits, then xanatos' regex is clearly by far the shortest code. This code is only needed if you need to vary the allowed counts at runtime.
