How does the password checker work?
- Null characters in a password are not allowed
- The : (colon) character is not allowed because some vendors have a problem working with a colon in a password
- The length of the password must be at least 6 characters
- The password is checked (case insensitive) against a big dictionary after truncating common suffixes -- the suffixes truncated are s, ed, er, ly, ing.
- The password is checked (case insensitive) against a big dictionary after truncating all trailing digits
- The password is checked in a big dictionary using the first 8 letters of the password (which are the ones significant to UNIX)
- Certain two letter combinations are not allowed -- if the password begins with a word in the big dictionary, and the rest of the password is also a word in the dictionary, the password is not allowed. This step is case sensitive. Therefore, the password Camelate would be disallowed because it is Came + late, or Camel + ate. However, CamelaTE would be allowed because it is a two letter combination with case differences. Further, 2 letter combinations that are one word + the beginning of the second word are disallowed -- fleastre would not be allowed because it is flea + stre(ngth). Note that this is the most complicated step of all :-)
- One letter prefixing a dictionary word is not allowed (ahello)
- One letter suffixing a dictionary word is not allowed (helloa)
- Passwords with naughty words in them are not allowed -- no point in telling you what words, everyone knows them
- Passwords that look like social security numbers are not allowed. Social security numbers are of the format ddd-dd-dddd, ddddddddd, where d is a digit.
- Passwords that look like dates are not allowed. Dates are of the formats d*/d*/d*, d*-d*-d*, where d* means zero or more digits -- this is to accommodate 4 digit years, 2 digit years and several international conventions of writing the date.
- Seven digit numbers that could be phone numbers are not accepted. The format is ddd-dddd, and ddddddd.
- Dates with month abbreviations are not allowed. The format for this is d*Md* where M is a month abbreviation. 01jan97 would not be allowed.
- The password cannot contain the username.
- The password cannot be the username modified with characters appended to it, or prepended to it (note that 8 letter usernames can be truncated -- kkenned1 is not allowed if the username is kkennedy)
- Passwords that look like license plate numbers are not allowed -- The format for this is d?AAAddd or dddAAA where A is a character, and d? means zero or one occurrence of a digit.
- Sequences of ASCII characters are not allowed (abcdef)
- Sequences of keyboard keys are not allowed (qwerty)
- Repeated patterns are not allowed (abababab)
- Reversed patterns are not allowed (abccba)
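
The dictionary-based rules in the list above (suffix and digit truncation, the first 8 characters, two-word combinations, one-letter prefix and suffix) can be sketched as follows. This is an added example, not the checker's own code. Assumptions: WORDS is a small constructed stand-in for the big dictionary, a capitalised first letter is tolerated in the case-sensitive step (the list rejects Camelate), the "beginning of the second word" must be at least MIN_FRAGMENT characters, and the first-8 and one-letter rules are treated as case insensitive.

```python
# Added example: the dictionary-based rules from the list above.
# WORDS is a constructed stand-in for the "big dictionary".
WORDS = {"came", "camel", "late", "ate", "flea", "strength",
         "hello", "walk", "password"}
SUFFIXES = ("ing", "ed", "er", "ly", "s")
MIN_FRAGMENT = 3  # assumed minimum length for "beginning of the second word"


def _first_word(head):
    # Assumption: a capitalised first letter is tolerated, since the page
    # rejects "Camelate"; every other character must match case exactly.
    return head in WORDS or (head[:1].lower() + head[1:]) in WORDS


def two_word_combo(pw):
    """Case-sensitive: word + word, or word + beginning of a word."""
    for i in range(1, len(pw)):
        head, tail = pw[:i], pw[i:]
        if not _first_word(head):
            continue
        if tail in WORDS:
            return True
        if len(tail) >= MIN_FRAGMENT and any(w.startswith(tail) for w in WORDS):
            return True
    return False


def dictionary_reason(pw):
    """Return the first dictionary rule the password breaks, or None."""
    low = pw.lower()
    if low in WORDS:
        return "dictionary word"
    if any(low.endswith(s) and low[:-len(s)] in WORDS for s in SUFFIXES):
        return "word + common suffix"
    if low.rstrip("0123456789") in WORDS:
        return "word + trailing digits"
    if low[:8] in WORDS:  # only 8 characters are significant to UNIX
        return "first 8 characters are a word"
    if two_word_combo(pw):
        return "two-word combination"
    if low[1:] in WORDS:
        return "one letter + word"
    if low[:-1] in WORDS:
        return "word + one letter"
    return None


if __name__ == "__main__":
    for pw in ("walking", "Hello123", "passwordXYZ", "Camelate", "CamelaTE",
               "fleastre", "ahello", "helloa"):
        print(f"{pw:12} {dictionary_reason(pw) or 'passes dictionary rules'}")
```

A password that returns None here has only cleared the dictionary rules; the length, pattern, username and sequence rules in the list still apply.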