Date: Wed, 24 Apr 2013 07:20:19 +0400
From: Solar Designer <>
Subject: passwdqc 1.3.0


I've just released passwdqc 1.3.0, a new version of our
password/passphrase strength checking and enforcement tool set:

Changes since 1.2.2 (the previous version released separately from Owl)
are as follows:

Detection of common character sequences has been improved.  This has
reduced the number of passing passwords for RockYou top 100k from
35 to 18, and for RockYou top 1M from 2333 to 2273 (all of these are
with passwdqc's default policy).  I also tested on lists of cracked and
not cracked passwords and reviewed the results manually to ensure
there's no significant increase in false positives.

Generation of random passphrases with non-default settings has been
improved: case toggling has been made optional, possible use of trailing
single characters has been added, words are now separated with dashes
when different separator characters are not in use, and the range of
possible bit sizes of generated passphrases has been expanded (now it is
24 to 85 bits for the programs, and 24 to 136 bits for the API).

The code has been made more robust: possible NULL pointer returns from
crypt(3) are handled correctly, all pre-initialized arrays and structs
are declared as "const", greater use of cpp macros for integer constants
and some source code comments were added (mostly in passwdqc_random.c).

Darwin (Mac OS X) support has been added to the Makefile, loosely based
on a patch by Ronald Ip (thanks!)

pwqcheck.php, a PHP wrapper function around the pwqcheck program, has
been added.  (Originally from the "How to manage a PHP application's
users and passwords" article.)
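
The crypt(3) robustness item above, shown as an added example; it is not part of the original message and not passwdqc's own code. `toy_crypt`, `check_unchecked` and `check_password` are hypothetical names, and `toy_crypt` is a constructed stand-in for crypt(3) (same signature, returns NULL for a setting it does not support) so that the block builds without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3): returns a hash string, or NULL on failure. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Constructed stand-in for crypt(3) (assumption, not a real hash): it only
 * accepts settings starting with "$t$" and otherwise fails with NULL, the
 * way crypt(3) can for a setting it does not support. */
char *toy_crypt(const char *key, const char *setting)
{
	static char out[64];
	size_t i, n = strlen(key);

	if (strncmp(setting, "$t$", 3) != 0 || n > sizeof(out) - 4)
		return NULL;
	memcpy(out, "$t$", 3);
	for (i = 0; i < n; i++)
		out[3 + i] = (char)('a' + ((unsigned char)key[i] * 7 + i) % 26);
	out[3 + n] = '\0';
	return out;
}

/* Unchecked pattern: strcmp() dereferences NULL when hashing fails. */
int check_unchecked(crypt_fn fn, const char *key, const char *stored)
{
	return strcmp(fn(key, stored), stored) == 0;
}

/* Checked pattern: a NULL return is treated as a failure (fail closed).
 * Returns 1 on match, 0 on mismatch, -1 when hashing itself failed. */
int check_password(crypt_fn fn, const char *key, const char *stored)
{
	const char *computed = fn(key, stored);

	if (!computed)
		return -1;
	return strcmp(computed, stored) == 0 ? 1 : 0;
}

int main(void)
{
	char stored[64];
	strcpy(stored, toy_crypt("hunter2", "$t$")); /* constructed sample hash */
	printf("match=%d bad_setting=%d\n", check_password(toy_crypt, "hunter2", stored),
	    check_password(toy_crypt, "hunter2", "!locked"));
	return 0;
}
```

With the real crypt(3), pass `crypt` as the first argument and link with `-lcrypt`; a stored field such as a locked-account marker is the kind of input that takes the NULL path.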

