On Tue, Feb 18, 2003 at 07:11:05AM -0800, Michael R. Wolf wrote:
> Abigail <[EMAIL PROTECTED]> writes:
>
> > On Mon, Feb 17, 2003 at 07:40:46PM -0000, Matt Groves wrote:
> > >
> > > Hello,
> > >
> > > I'm looking for the shortest, cleverest possible solution to this. When
> > > changing a password, I need a RegExp which will ensure the following
> > > criteria :
> > >
> > > 1. It must be at least 6 characters
> > >
> > > 2. It must contain at least one lower case letter [a-z]
> > >
> > > 3. It must contain at least one upper case letter [A-Z]
> > >
> > > 4. It must contain at least one number [0-9]
> > >
> > > 5. Optionally, it can cover for accepted non-alphanumeric chars such as
> > > "_", "-" etc (but not "#"), and a maximum password length of 14
> > > characters
> >
> > I'm not going to claim this is the shortest solution, but this
> > is very straightforward (and untested):
> >
> > /^(?=.{6}) # At least 6 characters long.
> > (?=.*[a-z]) # Contains a lowercase letter.
> > (?=.*[A-Z]) # Contains an uppercase letter.
> > (?=.*[0-9]) # Contains a digit.
> > (?=.*[-_]) # Contains a dash or an underscore.
> > (?!.{15}) # Doesn't contain 15 characters.
> > /xs;
>
> I don't see that the /s is necessary. Can a password really contain a
> newline?
Since we don't know what the passwords are for, that's a bit hard
to answer. Clearly it's not traditional Unix passwords - the
optional requirement of at most 14 characters would be silly in
that case. Nevertheless, AFAIK, Unix passwords may have newlines
in them. My Debian system certainly allows newlines in passwords
but it's not using the traditional crypt(), but an MD5 hash instead.
I haven't tried entering it at the login prompt, but from the shell
newlines can be entered by typing <CTRL-V><CTRL-J>, and then at least
you would be able to 'su' to the account.
And the encrypted password I get by issuing 'passwd' and entering a
password with <CTRL-V><CTRL-J> in it, is the same I get from crypt(),
and using "\n" in it.
Abigail
