.net 如何检查密码强度?
如何使用.Net Framework检查密码(作为.net 如何检查密码强度?,.net,security,cryptography,passwords,.net,Security,Cryptography,Passwords,如何使用.Net Framework检查密码(作为字符串)的强度?基本但逻辑: enum PasswordScore { Blank = 0, VeryWeak = 1, Weak = 2, Medium = 3, Strong = 4, VeryStrong = 5 } public class PasswordAdvisor { public static PasswordScore CheckStrength(string pass
字符串
)的强度?基本但逻辑:
enum PasswordScore
{
Blank = 0,
VeryWeak = 1,
Weak = 2,
Medium = 3,
Strong = 4,
VeryStrong = 5
}
public class PasswordAdvisor
{
public static PasswordScore CheckStrength(string password)
{
int score = 1;
if (password.Length < 1)
return PasswordScore.Blank;
if (password.Length < 4)
return PasswordScore.VeryWeak;
if (password.Length >= 8)
score++;
if (password.Length >= 12)
score++;
if (Regex.Match(password, @"/\d+/", RegexOptions.ECMAScript))
score++;
if (Regex.Match(password, @"/[a-z]/", RegexOptions.ECMAScript) &&
Regex.Match(password, @"/[A-Z]/", RegexOptions.ECMAScript))
score++;
if (Regex.Match(password, @"/.[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]/", RegexOptions.ECMAScript))
score++;
return (PasswordScore)score;
}
}
枚举密码分数
{
空白=0,
VeryWeak=1,
弱=2,
中等=3,
Strong=4,
VeryStrong=5
}
公共类密码顾问
{
公共静态PasswordScore CheckStrength(字符串密码)
{
智力得分=1;
if(password.Length<1)
返回PasswordScore。为空;
如果(密码长度<4)
返回PasswordScore.VeryWeak;
如果(password.Length>=8)
分数++;
如果(password.Length>=12)
分数++;
if(Regex.Match(密码@/\d+/”,RegexOptions.ECMAScript))
分数++;
if(Regex.Match(密码@/[a-z]/”,RegexOptions.ECMAScript)&&
Regex.Match(密码@/[A-Z]/”,RegexOptions.ECMAScript))
分数++;
if(Regex.Match(密码,@/.[,@,#,$,%,^,&,*,?,,~,-,(,)]/”,RegexOptions.ECMAScript))
分数++;
返回(密码分数)分数;
}
}
Ref:这是我使用的一个简单JavaScript示例,将其移植到.Net应该不是很难
var getStrength = function (passwd) {
intScore = 0;
intScore = (intScore + passwd.length);
if (passwd.match(/[a-z]/)) {
intScore = (intScore + 1);
}
if (passwd.match(/[A-Z]/)) {
intScore = (intScore + 5);
}
if (passwd.match(/\d+/)) {
intScore = (intScore + 5);
}
if (passwd.match(/(\d.*\d)/)) {
intScore = (intScore + 5);
}
if (passwd.match(/[!,@#$%^&*?_~]/)) {
intScore = (intScore + 5);
}
if (passwd.match(/([!,@#$%^&*?_~].*[!,@#$%^&*?_~])/)) {
intScore = (intScore + 5);
}
if (passwd.match(/[a-z]/) && passwd.match(/[A-Z]/)) {
intScore = (intScore + 2);
}
if (passwd.match(/\d/) && passwd.match(/\D/)) {
intScore = (intScore + 2);
}
if (passwd.match(/[a-z]/) && passwd.match(/[A-Z]/) && passwd.match(/\d/) && passwd.match(/[!,@#$%^&*?_~]/)) {
intScore = (intScore + 2);
}
return intScore;
}
如果我可以展示我定制的示例实现,比如Teoman Soygul的(以及我见过的其他类似的示例)。。。我的实现有一个不同的评分方案,并使用最低要求以及检查重复字符
public enum PasswordScore
{
Blank = 0,
TooShort = 1,
RequirementsNotMet = 2,
VeryWeak = 3,
Weak = 4,
Fair = 5,
Medium = 6,
Strong = 7,
VeryStrong = 8
}
public static PasswordScore CheckStrength(string password)
{
int score = 0;
// using three requirements here: min length and two types of characters (numbers and letters)
bool blnMinLengthRequirementMet = false;
bool blnRequirement1Met = false;
bool blnRequirement2Met = false;
// check for chars in password
if (password.Length < 1)
return PasswordScore.Blank;
// if less than 6 chars, return as too short, else, plus one
if (password.Length < 6)
{
return PasswordScore.TooShort;
}
else
{
score++;
blnMinLengthRequirementMet = true;
}
// if 8 or more chars, plus one
if (password.Length >= 8)
score++;
// if 10 or more chars, plus one
if (password.Length >= 10)
score++;
// if password has a number, plus one
if (Regex.IsMatch(password, @"[\d]", RegexOptions.ECMAScript))
{
score++;
blnRequirement1Met = true;
}
// if password has lower case letter, plus one
if (Regex.IsMatch(password, @"[a-z]", RegexOptions.ECMAScript))
{
score++;
blnRequirement2Met = true;
}
// if password has upper case letter, plus one
if (Regex.IsMatch(password, @"[A-Z]", RegexOptions.ECMAScript))
{
score++;
blnRequirement2Met = true;
}
// if password has a special character, plus one
if (Regex.IsMatch(password, @"[~`!@#$%\^\&\*\(\)\-_\+=\[\{\]\}\|\\;:'\""<\,>\.\?\/£]", RegexOptions.ECMAScript))
score++;
// if password is longer than 2 characters and has 3 repeating characters, minus one (to minimum of score of 3)
List<char> lstPass = password.ToList();
if (lstPass.Count >= 3)
{
for (int i = 2; i < lstPass.Count; i++)
{
char charCurrent = lstPass[i];
if (charCurrent == lstPass[i - 1] && charCurrent == lstPass[i - 2] && score >= 4)
{
score++;
}
}
}
if (!blnMinLengthRequirementMet || !blnRequirement1Met || !blnRequirement2Met)
{
return PasswordScore.RequirementsNotMet;
}
return (PasswordScore)score;
}
公共枚举密码分数
{
空白=0,
TooShort=1,
要求SNOTMET=2,
VeryWeak=3,
弱=4,
公平=5,
中等=6,
Strong=7,
VeryStrong=8
}
公共静态PasswordScore CheckStrength(字符串密码)
{
智力得分=0;
//这里使用三个要求:最小长度和两种字符类型(数字和字母)
bool blnMinLengthRequirementMet=假;
bool blnRequirement1Met=false;
bool-blnRequirement2Met=false;
//检查密码中的字符
if(password.Length<1)
返回PasswordScore。为空;
//如果少于6个字符,则返回太短,否则,再加上一个字符
如果(密码长度<6)
{
返回PasswordScore.TooShort;
}
其他的
{
分数++;
blnMinLengthRequirementMet=真;
}
//如果8个或更多字符,加上一个
如果(password.Length>=8)
分数++;
//如果10个或更多字符,加上一个
如果(password.Length>=10)
分数++;
//如果密码有一个数字,加上一
if(Regex.IsMatch(密码@“[\d]”,RegexOptions.ECMAScript))
{
分数++;
blnRequirement1Met=真;
}
//如果密码有小写字母,加上一个
if(Regex.IsMatch(密码@“[a-z]”,RegexOptions.ECMAScript))
{
分数++;
blnRequirement2Met=真;
}
//如果密码有大写字母,加上一个
if(Regex.IsMatch(密码@“[A-Z]”,RegexOptions.ECMAScript))
{
分数++;
blnRequirement2Met=真;
}
//如果密码有一个特殊字符,加上一个
if(Regex.IsMatch(密码,@“[~`!@$%\^\&*\(\)\-\+=\[\\\\]\\\\\\\\\\\\\\:'”“\.\?\/”,RegexOptions.ECMAScript))
分数++;
//如果密码长度超过2个字符且有3个重复字符,则减1(最低分数为3)
List lstPass=password.ToList();
如果(lstPass.Count>=3)
{
for(int i=2;i=4)
{
分数++;
}
}
}
如果(!BLN最小长度要求满足| | |!BLN要求满足| |!BLN要求满足)
{
返回PasswordScore.requirementsnotset;
}
返回(密码分数)分数;
}
我写了一个简单的例子:
/// <summary>
/// Evaluates a password
/// </summary>
public class PasswordEvaluator
{
public string Password { get; private set; }
public int Length { get; private set; }
public int TotalNumberChars { get; private set; }
public bool ContainsNumberChars{get { return TotalNumberChars > 0; }}
public int TotalUppercaseChars { get; private set; }
public bool ContainsUppercaseChars { get { return TotalUppercaseChars > 0; } }
public int TotalLowercaseChars { get; private set; }
public bool ContainsLowercaseChars { get { return TotalLowercaseChars > 0; } }
public int TotalSpecialChars { get; private set; }
public bool ContainsSpecialChars { get { return TotalSpecialChars > 0; } }
public PasswordEvaluator(string password)
{
Password = password.Trim();
Length = Password.Length;
foreach (var c in Password)
{
var charCode = (int)c;
if (charCode >= 48 && charCode <= 57) TotalNumberChars++;
else if (charCode >= 65 && charCode <= 90) TotalUppercaseChars++;
else if (charCode >= 97 && charCode <= 122) TotalLowercaseChars++;
else TotalSpecialChars++;
}
}
public bool StrongEnough()
{
// Minimum length requirement
if (Length < Settings.PasswordMinLength) return false;
// Mixed case requirement
if (!ContainsLowercaseChars && !ContainsUppercaseChars) return false;
// Special chars requirement
if (TotalSpecialChars < 3) return false;
// Min lower case chars requirement
if (TotalLowercaseChars < 3) return false;
// Min upper case chars requirement
if (TotalUppercaseChars < 3) return false;
return true;
}
}
//
///计算密码
///
公共类密码计算器
{
公共字符串密码{get;private set;}
公共整数长度{get;私有集;}
公共整数TotalNumberCars{get;私有集;}
public bool containsnumbercars{get{return totalnumbercars>0;}}
public int TotalUppercaseChars{get;private set;}
public bool ContainerSupperCaseChars{get{return TotalUppercaseChars>0;}}
公共int TotalOwerCaseChars{get;私有集;}
公共bool包含WerCaseChars{get{return TotalOwerCaseChars>0;}}
public int TotalSpecialChars{get;private set;}
public bool包含特殊字符{get{return TotalSpecialChars>0;}}
公共密码计算器(字符串密码)
{
Password=Password.Trim();
长度=密码。长度;
foreach(密码中的var c)
{
var charCode=(int)c;
如果(charCode>=48&&charCode=65&&charCode=97&&charCode这是我自己的代码,用于基于信息熵和NIST指南的密码强度检查。但是,该方法不考虑“人类”语言因素
public enum PasswordScore
{
Blank,
VeryWeak,
Weak,
Medium,
Strong,
VeryStrong
}
public static PasswordScore CheckPasswordStrength(string password)
{
int N = 0;
int L = password.Length;
if (L == 0)
return PasswordScore.Blank;
if (Regex.IsMatch(password, @"[\d]", RegexOptions.ECMAScript))
N += 10;
if (Regex.IsMatch(password, @"[a-z]", RegexOptions.ECMAScript))
N += 26;
if (Regex.IsMatch(password, @"[A-Z]", RegexOptions.ECMAScript))
N += 26;
if (Regex.IsMatch(password, @"[~`!@#$%\^\&\*\(\)\-_\+=\[\{\]\}\|\\;:'\""<\,>\.\?\/£]", RegexOptions.ECMAScript) && password.Length > 8)
N += 33;
int H = Convert.ToInt32(L * (Math.Round(Math.Log(N) / Math.Log(2))));
if (H <= 32) return PasswordScore.VeryWeak;
if (H <= 48) return PasswordScore.Weak;
if (H <= 64) return PasswordScore.Medium;
if (H <= 80) return PasswordScore.Strong;
return PasswordScore.VeryStrong;
}
公共枚举密码分数
{
空白,
非常弱,
软弱的,
中等,
坚强的
非常强
}
公共静态PasswordScore CheckPasswordStrength(字符串密码)
{
int N=0;
int L=密码。长度;
如果(L==0)
返回PasswordScore。为空;
if(Regex.IsMatch(密码@“[\d]”,RegexOptions.ECMAScript))
N+=10;
if(Regex.IsMatch(密码@“[a-z]”,RegexOptions.ECMAScript))
N+=26;
if(Regex.IsMatch(密码@“[A-Z]”,RegexOptions.ECMAScript))
N+=26;
if(Regex.IsMatch(password,@“[~`!@$%\^\&\*\(\)\-\+=\[\\\\]\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\:'\\'''.\.\?\/\\”,RegexOptions.ECMAScript)和&password.Length>8)
N+=33;
int H=conv
$(document).ready(function(){
$("#textBox").keyup(function(){
var passWord = $("#textBox").val();
var passLength = passWord.length;
var specialFlag = 0;
var numberFlag = 0;
var numberGenerator = 0;
var total = 0;
if(/^[a-zA-Z0-9- ]*$/.test(passWord) == false) {
specialFlag =20;
}
if(passWord.match(/[0-9]/)) {
numberFlag = 25;
}
if(passLength>4&&passLength<=6){
numberGenerator =25;
}else if(passLength>=7&&passLength<=9){
numberGenerator =35;
}else if(passLength>9){
numberGenerator =55;
}else if(passLength>0&&passLength<=4){
numberGenerator =15;
}else{
numberGenerator =0;
}
total = numberGenerator + specialFlag + numberFlag;
if(total<30){
$('#progressBar').css('background-color','#CCC');
}else if(total<60&&total>=30){
$('#progressBar').css('background-color','#FF6600');
}else if(total>=60&&total<90){
$('#progressBar').css('background-color','#FFCC00');
}else if(total>=90){
$('#progressBar').css('background-color','#0f0');
}
$('#progressBar').css('width',total+'%');
});
});
// Only accurate for passwords in ASCII.
public double CalculateEntropy(string password)
{
var cardinality = 0;
// Password contains lowercase letters.
if (password.Any(c => char.IsLower(c)))
{
cardinality = 26;
}
// Password contains uppercase letters.
if (password.Any(c => char.IsUpper(c)))
{
cardinality += 26;
}
// Password contains numbers.
if (password.Any(c => char.IsDigit(c)))
{
cardinality += 10;
}
// Password contains symbols.
if (password.IndexOfAny("\\|¬¦`!\"£$%^&*()_+-=[]{};:'@#~<>,./? ".ToCharArray()) >= 0)
{
cardinality += 36;
}
return Math.Log(cardinality, 2) * password.Length;
}