Reject passphrase if it is contained in the list of the most commonly used "bad" passwords.

This commit is contained in:
LoRd_MuldeR 2024-06-02 15:30:34 +02:00
parent 79d66e4484
commit 1291cf3d75
Signed by: mulder
GPG Key ID: 2B5913365F57E03F
8 changed files with 94281 additions and 4 deletions

171
etc/worst/gen_worstpwd.c Normal file
View File

@ -0,0 +1,171 @@
/******************************************************************************/
/* SlunkCrypt, by LoRd_MuldeR <MuldeR2@GMX.de> */
/* This work has been released under the CC0 1.0 Universal license! */
/******************************************************************************/
#ifdef _MSC_VER
#define _CRT_SECURE_NO_WARNINGS 1
#endif
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#ifdef _MSC_VER
#define strdup(X) _strdup((X))
#define strcasecmp(X,Y) _stricmp((X),(Y))
#define __inline__ __inline
#endif
#ifdef __MINGW64_VERSION_MAJOR
int _dowildcard = -1;
#endif
#define MIN_LENGTH 8U
#define MAX_LENGTH 128U
#define TABLE_SIZE 1000000U
static char *g_table[TABLE_SIZE];
static __inline__ int string_compare(void const *lhs, void const *rhs)
{
return strcasecmp(*((const char* const*)lhs), *((const char* const*)rhs));
}
static __inline__ int is_ascii(const char *str)
{
unsigned char chr;
while ((chr = *str++)) {
if ((chr < 0x20) || (chr >= 0x7F)) {
return 0;
}
}
return 1;
}
static __inline__ int append_char(char *const buffer, const size_t size, size_t *const offset, const char chr)
{
if (*offset < size) {
buffer[(*offset)++] = chr;
return 1;
}
return 0;
}
static __inline__ int escape_char(char *const chr)
{
switch (*chr) {
case '\\': return 1;
case '"' : return 1;
case '\a': *chr = 'a'; return 2;
case '\b': *chr = 'b'; return 2;
case '\n': *chr = 'n'; return 2;
case '\r': *chr = 'r'; return 2;
case '\t': *chr = 't'; return 2;
case '\v': *chr = 'v'; return 2;
default:
if ((*chr < 0x20) || (*chr == 0x7F)) {
return -1;
}
return 0;
}
}
static __inline__ int escape_str(char *const dst, const size_t capacity, const char *src)
{
size_t offset = 0U;
char chr;
static const char ESC = '\\', NUL = '\0';
while ((chr = *src++)) {
switch (escape_char(&chr)) {
case 1:
case 2:
if (!append_char(dst, capacity, &offset, ESC)) {
return -1;
}
case 0:
if (!append_char(dst, capacity, &offset, chr)) {
return -1;
}
break;
default:
return 0; /* error! */
}
}
if (!append_char(dst, capacity, &offset, NUL)) {
return -1;
}
return 1;
}
int main(int argc, char* argv[])
{
char *line, buffer[1024U], escaped[256U];
FILE* file = NULL;
size_t i, j, len, count = 0U;
if (argc < 2) {
fputs("Error: Input file not specified!\n", stderr);
return 1;
}
for (i = 1; i < argc; ++i) {
if (!(file = fopen(argv[i], "r"))) {
fputs("Error: Failed to open input file!\n", stderr);
return 1;
}
while ((line = fgets(buffer, sizeof(buffer), file))) {
if ((len = strlen(line)) > 0U) {
while ((len > 0U) && ((line[len - 1U] == '\r') || (line[len - 1U] == '\n'))) {
line[--len] = '\0';
}
while ((len > 0U) && ((line[0U] == '\x20') || (line[0U] == '\t'))) {
++line; --len;
}
while ((len > 0U) && ((line[len - 1U] == '\x20') || (line[len - 1U] == '\t'))) {
line[--len] = '\0';
}
if ((len >= MIN_LENGTH) && (len <= MAX_LENGTH) && is_ascii(line)) {
for (j = 0U; j < count; ++j) {
if (!strcasecmp(line, g_table[j])) {
goto skip_line;
}
}
if (count >= TABLE_SIZE) {
fputs("Error: Too many lines!\n", stderr);
abort();
}
if (escape_str(escaped, sizeof(escaped), line) > 0) {
if (!(g_table[count++] = strdup(escaped))) {
fputs("Error: Memory allocation has failed!\n", stderr);
abort();
}
}
else {
fprintf(stderr, "Failed to encode line: \"%s\"\n", line);
}
}
skip_line:;
}
}
fclose(file);
}
qsort(g_table, count, sizeof(const char*), string_compare);
printf("#define WORST_PASSWD_SIZE %zuU\n\n", count);
puts("static const char *const WORST_PASSWD[WORST_PASSWD_SIZE] =\n{");
for (i = 0U; i < count; ++i) {
if (i > 0U) {
printf(",\n");
}
printf("\t \"%s\"", g_table[i]);
}
puts("\n};");
for (i = 0U; i < count; ++i) {
free(g_table[i]);
}
}

View File

@ -58,6 +58,7 @@
<ClCompile Include="src\test_data.c" />
<ClCompile Include="src\main.c" />
<ClCompile Include="src\utils.c" />
<ClCompile Include="src\worstpwd.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\blake2.h" />
@ -67,6 +68,7 @@
<ClInclude Include="src\selftest.h" />
<ClInclude Include="src\test_data.h" />
<ClInclude Include="src\utils.h" />
<ClInclude Include="src\worstpwd.h" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\libslunkcrypt\libSlunkCrypt.vcxproj">

View File

@ -36,6 +36,9 @@
<ClCompile Include="src\pwgen.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\worstpwd.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\utils.h">
@ -59,6 +62,9 @@
<ClInclude Include="src\pwgen.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\worstpwd.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<Manifest Include="res\compatibility.manifest">

View File

@ -8,6 +8,7 @@
#include "crypt.h"
#include "pwgen.h"
#include "selftest.h"
#include "worstpwd.h"
/* Library */
#include <slunkcrypt.h>
@ -272,13 +273,18 @@ int MAIN(const int argc, CHR *const argv[])
if (slunk_mode == MODE_ENCR)
{
if (passphrase_len < RCMD_PWDLEN_LENGTH)
if (is_passphrase_blacklisted(passphrase_buffer))
{
FPRINTF(stderr, T("Warning: Using a *short* passphrase; a length of %u characters or more is recommended!\n\n"), (unsigned)RCMD_PWDLEN_LENGTH);
FPUTS(T("Error: The given passphrase is forbidden as a precautionary measure, because it is in the list of the most commonly used passwords!\n\n"), stderr);
goto clean_up;
}
else if (passphrase_len < RCMD_PWDLEN_LENGTH)
{
FPRINTF(stderr, T("Warning: Using a *short* passphrase. A length of %u characters or more is recommended!\n\n"), (unsigned)RCMD_PWDLEN_LENGTH);
}
else if (weak_passphrase(passphrase_buffer))
{
FPUTS(T("Warning: Using a *weak* passphrase; a mix of upper-case letters, lower-case letters, digits and other characters is recommended!\n\n"), stderr);
FPUTS(T("Warning: Using a *weak* passphrase. A mix of upper-case letters, lower-case letters, digits and other characters is recommended!\n\n"), stderr);
}
}

View File

@ -106,6 +106,7 @@
# define STRTOUL(X) wcstoul((X), NULL, 0)
# define STRDUP(X) _wcsdup((X))
# define strdup(X) _strdup((X))
# define strcasecmp(X,Y) _stricmp((X),(Y))
# define FPUTS(X,Y) fputws((X),(Y))
# define FPRINTF(X,Y,...) fwprintf((X),(Y),__VA_ARGS__)
# define REMOVE(X) _wremove((X))

View File

@ -6,6 +6,7 @@
/* Internal */
#include "pwgen.h"
#include "utils.h"
#include "worstpwd.h"
/* Library */
#include <slunkcrypt.h>
@ -180,7 +181,7 @@ int generate_passphrase(const size_t length)
}
buffer[passwd_len] = '\0';
}
while ((!isalnum((int)buffer[0U])) || (!isalnum((int)buffer[passwd_len - 1U])) || weak_passphrase(buffer));
while ((!isalnum((int)buffer[0U])) || (!isalnum((int)buffer[passwd_len - 1U])) || weak_passphrase(buffer) || is_passphrase_blacklisted(buffer));
FPRINTF(stdout, T("%") T(PRIstr) T("\n\n"), buffer);
fflush(stdout);

94077
frontend/src/worstpwd.c Normal file

File diff suppressed because it is too large Load Diff

13
frontend/src/worstpwd.h Normal file
View File

@ -0,0 +1,13 @@
/******************************************************************************/
/* SlunkCrypt, by LoRd_MuldeR <MuldeR2@GMX.de> */
/* This work has been released under the CC0 1.0 Universal license! */
/******************************************************************************/
#ifndef INC_SLUNKAPP_WORSTPWD_H
#define INC_SLUNKAPP_WORSTPWD_H
#include "platform.h"
int is_passphrase_blacklisted(const char *const passwd);
#endif