Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20130424032019.GA7160@openwall.com>
Date: Wed, 24 Apr 2013 07:20:19 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Cc: passwdqc-users@...ts.openwall.com
Subject: passwdqc 1.3.0

Hi,

I've just released passwdqc 1.3.0, a new version of our
password/passphrase strength checking and enforcement tool set:

http://www.openwall.com/passwdqc/

Changes since 1.2.2 (the previous version released separately from Owl)
are as follows:

Detection of common character sequences has been improved.  This has
reduced the number of passing passwords for RockYou top 100k from
35 to 18, and for RockYou top 1M from 2333 to 2273 (all of these are
with passwdqc's default policy).  I also tested on lists of cracked and
not cracked passwords and reviewed the results manually to ensure
there's no significant increase in false positives.

Generation of random passphrases with non-default settings has been
improved: case toggling has been made optional, possible use of trailing
single characters has been added, words are now separated with dashes
when different separator characters are not in use, and the range of
possible bit sizes of generated passphrases has been expanded (now it is
24 to 85 bits for the programs, and 24 to 136 bits for the API).

The code has been made more robust: possible NULL pointer returns from
crypt(3) are handled correctly, all pre-initialized arrays and structs
are declared as "const", greater use of cpp macros for integer constants
and some source code comments were added (mostly in passwdqc_random.c).

Darwin (Mac OS X) support has been added to the Makefile, loosely based
on a patch by Ronald Ip (thanks!)

pwqcheck.php, a PHP wrapper function around the pwqcheck program, has
been added.  (Originally from the "How to manage a PHP application's
users and passwords" article.)

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.