Reject passphrase if it is contained in the list of the most commonly used "bad" passwords.

etc/worst/gen_worstpwd.c

@@ -0,0 +1,171 @@
+/******************************************************************************/
+/* SlunkCrypt, by LoRd_MuldeR <MuldeR2@GMX.de>                                */
+/* This work has been released under the CC0 1.0 Universal license!           */
+/******************************************************************************/
+
+#ifdef _MSC_VER
+#define _CRT_SECURE_NO_WARNINGS 1
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#ifdef _MSC_VER
+#define strdup(X) _strdup((X))
+#define strcasecmp(X,Y) _stricmp((X),(Y))
+#define __inline__ __inline
+#endif
+
+#ifdef __MINGW64_VERSION_MAJOR
+int _dowildcard = -1;
+#endif
+
+#define MIN_LENGTH       8U
+#define MAX_LENGTH     128U
+#define TABLE_SIZE 1000000U
+
+static char *g_table[TABLE_SIZE];
+
+static __inline__ int string_compare(void const *lhs, void const *rhs)
+{
+    return strcasecmp(*((const char* const*)lhs), *((const char* const*)rhs));
+}
+
+static __inline__ int is_ascii(const char *str)
+{
+    unsigned char chr;
+    while ((chr = *str++)) {
+        if ((chr < 0x20) || (chr >= 0x7F)) {
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static __inline__ int append_char(char *const buffer, const size_t size, size_t *const offset, const char chr)
+{
+    if (*offset < size) {
+        buffer[(*offset)++] = chr;
+        return 1;
+    }
+    return 0;
+}
+
+static __inline__ int escape_char(char *const chr)
+{
+    switch (*chr) {
+        case '\\': return 1;
+        case '"' : return 1;
+        case '\a': *chr = 'a'; return 2;
+        case '\b': *chr = 'b'; return 2;
+        case '\n': *chr = 'n'; return 2;
+        case '\r': *chr = 'r'; return 2;
+        case '\t': *chr = 't'; return 2;
+        case '\v': *chr = 'v'; return 2;
+        default:
+            if ((*chr < 0x20) || (*chr == 0x7F)) {
+                return -1;
+            }
+            return 0;
+    }
+}
+
+static __inline__ int escape_str(char *const dst, const size_t capacity, const char *src)
+{
+    size_t offset = 0U;
+    char chr;
+    static const char ESC = '\\', NUL = '\0';
+    while ((chr = *src++)) {
+        switch (escape_char(&chr)) {
+            case 1:
+            case 2:
+                if (!append_char(dst, capacity, &offset, ESC)) {
+                    return -1;
+                }
+            case 0:
+                if (!append_char(dst, capacity, &offset, chr)) {
+                    return -1;
+                }
+                break;
+            default:
+                return 0; /* error! */
+        }
+    }
+    if (!append_char(dst, capacity, &offset, NUL)) {
+        return -1;
+    }
+    return 1;
+}
+
+int main(int argc, char* argv[])
+{
+    char *line, buffer[1024U], escaped[256U];
+    FILE* file = NULL;
+    size_t i, j, len, count = 0U;
+
+    if (argc < 2) {
+        fputs("Error: Input file not specified!\n", stderr);
+        return 1;
+    }
+
+    for (i = 1; i < argc; ++i) {
+        if (!(file = fopen(argv[i], "r"))) {
+            fputs("Error: Failed to open input file!\n", stderr);
+            return 1;
+        }
+
+        while ((line = fgets(buffer, sizeof(buffer), file))) {
+            if ((len = strlen(line)) > 0U) {
+                while ((len > 0U) && ((line[len - 1U] == '\r') || (line[len - 1U] == '\n'))) {
+                    line[--len] = '\0';
+                }
+                while ((len > 0U) && ((line[0U] == '\x20') || (line[0U] == '\t'))) {
+                    ++line; --len;
+                }
+                while ((len > 0U) && ((line[len - 1U] == '\x20') || (line[len - 1U] == '\t'))) {
+                    line[--len] = '\0';
+                }
+                if ((len >= MIN_LENGTH) && (len <= MAX_LENGTH) && is_ascii(line)) {
+                    for (j = 0U; j < count; ++j) {
+                        if (!strcasecmp(line, g_table[j])) {
+                            goto skip_line;
+                        }
+                    }
+                    if (count >= TABLE_SIZE) {
+                        fputs("Error: Too many lines!\n", stderr);
+                        abort();
+                    }
+                    if (escape_str(escaped, sizeof(escaped), line) > 0) {
+                        if (!(g_table[count++] = strdup(escaped))) {
+                            fputs("Error: Memory allocation has failed!\n", stderr);
+                            abort();
+                        }
+                    }
+                    else {
+                        fprintf(stderr, "Failed to encode line: \"%s\"\n", line);
+                    }
+                }
+                skip_line:;
+            }
+        }
+
+        fclose(file);
+    }
+
+    qsort(g_table, count, sizeof(const char*), string_compare);
+
+    printf("#define WORST_PASSWD_SIZE %zuU\n\n", count);
+    puts("static const char *const WORST_PASSWD[WORST_PASSWD_SIZE] =\n{");
+    for (i = 0U; i < count; ++i) {
+        if (i > 0U) {
+            printf(",\n");
+        }
+        printf("\t \"%s\"", g_table[i]);
+    }
+    puts("\n};");
+
+    for (i = 0U; i < count; ++i) {
+        free(g_table[i]);
+    }
+}

frontend/SlunkCrypt.vcxproj

@@ -58,6 +58,7 @@
     <ClCompile Include="src\test_data.c" />
     <ClCompile Include="src\main.c" />
     <ClCompile Include="src\utils.c" />
+    <ClCompile Include="src\worstpwd.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="src\blake2.h" />
@@ -67,6 +68,7 @@
     <ClInclude Include="src\selftest.h" />
     <ClInclude Include="src\test_data.h" />
     <ClInclude Include="src\utils.h" />
+    <ClInclude Include="src\worstpwd.h" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\libslunkcrypt\libSlunkCrypt.vcxproj">

frontend/SlunkCrypt.vcxproj.filters

@@ -36,6 +36,9 @@
     <ClCompile Include="src\pwgen.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="src\worstpwd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="src\utils.h">
@@ -59,6 +62,9 @@
     <ClInclude Include="src\pwgen.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="src\worstpwd.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <Manifest Include="res\compatibility.manifest">

frontend/src/main.c

@@ -8,6 +8,7 @@
 #include "crypt.h"
 #include "pwgen.h"
 #include "selftest.h"
+#include "worstpwd.h"
 
 /* Library */
 #include <slunkcrypt.h>
@@ -272,13 +273,18 @@ int MAIN(const int argc, CHR *const argv[])
 
 	if (slunk_mode == MODE_ENCR)
 	{
-		if (passphrase_len < RCMD_PWDLEN_LENGTH)
+		if (is_passphrase_blacklisted(passphrase_buffer))
 		{
-			FPRINTF(stderr, T("Warning: Using a *short* passphrase; a length of %u characters or more is recommended!\n\n"), (unsigned)RCMD_PWDLEN_LENGTH);
+			FPUTS(T("Error: The given passphrase is forbidden as a precautionary measure, because it is in the list of the most commonly used passwords!\n\n"), stderr);
+			goto clean_up;
+		}
+		else if (passphrase_len < RCMD_PWDLEN_LENGTH)
+		{
+			FPRINTF(stderr, T("Warning: Using a *short* passphrase. A length of %u characters or more is recommended!\n\n"), (unsigned)RCMD_PWDLEN_LENGTH);
 		}
 		else if (weak_passphrase(passphrase_buffer))
 		{
-			FPUTS(T("Warning: Using a *weak* passphrase; a mix of upper-case letters, lower-case letters, digits and other characters is recommended!\n\n"), stderr);
+			FPUTS(T("Warning: Using a *weak* passphrase. A mix of upper-case letters, lower-case letters, digits and other characters is recommended!\n\n"), stderr);
 		}
 	}
 

frontend/src/platform.h

@@ -106,6 +106,7 @@
 #  define STRTOUL(X) wcstoul((X), NULL, 0)
 #  define STRDUP(X) _wcsdup((X))
 #  define strdup(X) _strdup((X))
+#  define strcasecmp(X,Y) _stricmp((X),(Y))
 #  define FPUTS(X,Y) fputws((X),(Y))
 #  define FPRINTF(X,Y,...) fwprintf((X),(Y),__VA_ARGS__)
 #  define REMOVE(X) _wremove((X))

frontend/src/pwgen.c

@@ -6,6 +6,7 @@
 /* Internal */
 #include "pwgen.h"
 #include "utils.h"
+#include "worstpwd.h"
 
 /* Library */
 #include <slunkcrypt.h>
@@ -180,7 +181,7 @@ int generate_passphrase(const size_t length)
 		}
 		buffer[passwd_len] = '\0';
 	}
-	while ((!isalnum((int)buffer[0U])) || (!isalnum((int)buffer[passwd_len - 1U])) || weak_passphrase(buffer));
+	while ((!isalnum((int)buffer[0U])) || (!isalnum((int)buffer[passwd_len - 1U])) || weak_passphrase(buffer) || is_passphrase_blacklisted(buffer));
 
 	FPRINTF(stdout, T("%") T(PRIstr) T("\n\n"), buffer);
 	fflush(stdout);

frontend/src/worstpwd.h

@@ -0,0 +1,13 @@
+/******************************************************************************/
+/* SlunkCrypt, by LoRd_MuldeR <MuldeR2@GMX.de>                                */
+/* This work has been released under the CC0 1.0 Universal license!           */
+/******************************************************************************/
+
+#ifndef INC_SLUNKAPP_WORSTPWD_H
+#define INC_SLUNKAPP_WORSTPWD_H
+
+#include "platform.h"
+
+int is_passphrase_blacklisted(const char *const passwd);
+
+#endif