Help with Regex: no-repeating and non-incremental password


simboski19

Hi there,

 

I am working with a web API that has specific requirements for the way its passwords are formatted. I have used regex very rarely and therefore am very unfamiliar with how to structure them.

 

Basically one of the requirements is that the password entered should:

 

Be - not-repeating such as 'aaaa'

 

AND

 

Be - not-incremental such as '1234' or 'abcd'

 

My current code looks like this:

 

    // Password requirements:

    // Length: Minimal 4 chars, maximum 39 chars
    if (strlen($password) >= 4 && strlen($password) < 40) {
        // the password has at least 4 chars and is less than 40 chars in length
        // Move on...
    } else {
        array_push($errors,'Your <strong>Password</strong> must be between <strong>4 and 39</strong> characters in length. Please try again.');
    }

    // Allowed chars: a-z, A-Z, 0-9, minus, underscore, at-sign and dot
    REGEX TO GO HERE?

    // Additional: not-repeating and not-incremental like 'aaaa' or '1234' or 'abcd'
    REGEX TO GO HERE?

 

 

Could someone help me with the formatting please. I did look at the various links on first post in the forum but it was still way over my head!!!?

 

Any help would be much appreciated.


Requirements such as "non-repetitive" and "non-incremental" are not something I would recommend using.

The reason for this is quite simple: They make passwords easier to crack, by reducing the available entropy, not harder. Not to mention the additional complexity they would add to your check, as it's not something you can (properly) do with RegExps.

 

In fact, just about everything except your minimal length requirement (and even that is too short) seems to be geared towards reducing the (available) password complexity. Which is a very, very bad idea.

 

I recommend taking a look at the following thread, as it contains exactly what you need:

http://forums.phpfreaks.com/topic/273119-yet-another-password-regex/


Thanks for the advice Christian.

 

Yes, I 100% agree with your view on the simplicity of the password; however, this is controlled by the company's API we are having to tap into. We would indeed make the password much stronger, but it's not our choice.

 

I'll certainly take a look at the link you have sent through.

 

Thanks again.


...however, this is controlled by the company's API we are having to tap into.

My sympathies, in that case.

 

Anyway, as noted, you will find most of what you need in that thread. The only things not there are the non-repetitive and non-incremental bits. The non-repetitive can be solved by RegExps, by using sub groups and back referencing. This one will prevent repeating characters and numbers:

/([a-zA-Z\d])\1/

 

However, since you already have to loop through the characters of the string, it would be better to just add the above condition to the same function that tests for incrementing characters. Saves you a RegExp call.

 

You're welcome. :)


My point is that you're not going to find anything non-incremental with RegExps, simply because that's way out of scope for what Regular Expressions were made for.

 

You need to go back to basics, and treat the string as an array of characters. Then take advantage of PHP's ability to increment ASCII characters by their ASCII value, to solve that requirement.

Since you're already looping through the string one character at a time, to test the next, adding the check to see if the characters are of equal value should be done here as well. It's quite a trivial extra cost, compared to running the additional RegExp, and it gathers the logic of those two (similar) requirements quite nicely.
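
The single-pass check described in the post above, as an added example that is not part of the original thread. The function name `passwordErrors`, the error labels, the `$maxRun` default of 4 (taken from the 'aaaa', '1234' and 'abcd' examples in the question) and the choice to count only ascending letter or digit sequences are assumptions; the third-party API's exact rule is not given on the page.

```php
<?php
// Added example; not code from the thread. $maxRun = 4 is an assumption
// based on the 'aaaa' / '1234' / 'abcd' examples in the question.
function passwordErrors(string $password, int $maxRun = 4): array
{
    $errors = [];
    $len = strlen($password);

    // Length: minimum 4, maximum 39 characters.
    if ($len < 4 || $len > 39) {
        $errors[] = 'length';
    }

    // Allowed chars: a-z, A-Z, 0-9, minus, underscore, at-sign and dot.
    // \A ... \z instead of ^ ... $ so a trailing newline is rejected too.
    if (!preg_match('/\A[A-Za-z0-9_@.\-]+\z/', $password)) {
        $errors[] = 'charset';
    }

    // One pass over the string: $same counts the current run of equal
    // characters, $step the current run rising by exactly one ASCII value.
    $same = 1;
    $step = 1;
    for ($i = 1; $i < $len; $i++) {
        $prev = $password[$i - 1];
        $cur  = $password[$i];
        $same = ($cur === $prev) ? $same + 1 : 1;
        // Only letters and digits count, so '@A' or '-.' is not a sequence.
        $rising = ctype_alnum($prev . $cur) && ord($cur) === ord($prev) + 1;
        $step = $rising ? $step + 1 : 1;
        if ($same >= $maxRun && !in_array('repeating', $errors, true)) {
            $errors[] = 'repeating';
        }
        if ($step >= $maxRun && !in_array('incremental', $errors, true)) {
            $errors[] = 'incremental';
        }
    }
    return $errors;
}

// Constructed sample inputs, including one with a trailing newline.
foreach (['aaaa', '1234', 'xabcdx', 'a1b2-c3', "good.pw_1\n"] as $candidate) {
    $result = implode(',', passwordErrors($candidate)) ?: 'ok';
    printf("%-14s %s\n", json_encode($candidate), $result);
}
```

Passing `$maxRun = 2` rejects any doubled character, which is the behaviour of the back-reference pattern quoted earlier in the thread.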

