Date: Wed, 24 Apr 2013 07:20:19 +0400 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com Cc: passwdqc-users@...ts.openwall.com Subject: passwdqc 1.3.0 Hi, I've just released passwdqc 1.3.0, a new version of our password/passphrase strength checking and enforcement tool set: http://www.openwall.com/passwdqc/ Changes since 1.2.2 (the previous version released separately from Owl) are as follows: Detection of common character sequences has been improved. This has reduced the number of passing passwords for RockYou top 100k from 35 to 18, and for RockYou top 1M from 2333 to 2273 (all of these are with passwdqc's default policy). I also tested on lists of cracked and not cracked passwords and reviewed the results manually to ensure there's no significant increase in false positives. Generation of random passphrases with non-default settings has been improved: case toggling has been made optional, possible use of trailing single characters has been added, words are now separated with dashes when different separator characters are not in use, and the range of possible bit sizes of generated passphrases has been expanded (now it is 24 to 85 bits for the programs, and 24 to 136 bits for the API). The code has been made more robust: possible NULL pointer returns from crypt(3) are handled correctly, all pre-initialized arrays and structs are declared as "const", greater use of cpp macros for integer constants and some source code comments were added (mostly in passwdqc_random.c). Darwin (Mac OS X) support has been added to the Makefile, loosely based on a patch by Ronald Ip (thanks!) pwqcheck.php, a PHP wrapper function around the pwqcheck program, has been added. (Originally from the "How to manage a PHP application's users and passwords" article.) Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.