Strong password is a base component for strong security. This library provides a password policies, validator and generator.
This example shows how to validate if the given password is compliant to the given password policy.
(import (rnrs)
(security password))
;; Password requires
;; - at least length of 16 characters,
;; - at least one lower char (a-z)
;; - at least one upper char (A-Z)
;; - at least one digit char (0-9)
;; - at least one symbol char ($#!)
(define policy (password-policies
(make-length-policy 16)
(make-lower-case-policy 1)
(make-upper-case-policy 1)
(make-digit-policy 1)
(make-symbol-policy 1)))
(password-policy-compliant? policy "password") ;; -> #f
(password-policy-compliant? policy "password12345678") ;; -> #f
(password-policy-compliant? policy "pa$$word12345678") ;; -> #f
(password-policy-compliant? policy "Pa$$word12345678") ;; -> #t
And this example shows how to generate a password which is compliant to the given password policy.
(import (rnrs)
(security password))
;; Password requires
;; - at least length of 16 characters,
;; - at least one lower char (a-z)
;; - at least one upper char (A-Z)
;; - at least one digit char (0-9)
;; - at least one symbol char ($#!)
(define policy (password-policies
(make-length-policy 16)
(make-lower-case-policy 1)
(make-upper-case-policy 1)
(make-digit-policy 1)
(make-symbol-policy 1)))
(generate-password policy) ;; -> "1uI#tfUzL_]H-<$%" (as an example)
The password generation is based on a random seed, so the result may differ on every invocation.
Returns #t
if the given obj is a password policy, otherwise #f
.
Construct a composite password policy which contains policies.
Returns #t
if the given password is compliant to the given policy,
otherwise #f
.
Returns #t
if the given obj is a length policy, otherwise #f
.
Creates a length policy of length n.
Returns length of the policy, iff policy is a length policy or
a composite policy which contains length policy, otherwise #f
.
Returns #t
if the given obj is a character policy, otherwise #f
.
Creates a character policy of from cset which requires at least at-least characters.
Returns charset of the policy, iff policy is a character policy or
a composite policy which contains character policy, otherwise #f
.
If the policy contains multiple character policy, then the returning charset is a unioned charset.
Creates a character policy of [a-z]
requires at least at-least.
Creates a character policy of [A-Z]
requires at least at-least.
Creates a character policy of ASCII symbols requires at least at-least.
Creates a character policy of [0-9]
requires at least at-least.
Generates a password which is compliant to policy.
If the keyword argument prng is specified, then it must be a
peudo-random-generator
defined in (sagittarius crypto random)
.
NOTE: using weak PRNG is not recommended. By default, the procedure uses ChaCha20
The procedure uses below parameter if the given policy doesn't contain some policies.
Default password length, if the policy doesn't contain length policy.
Default password charset, if the policy doesn't contain character policy.
Calculates password entropy of the given policy.
The calculation formula: log(expt(cs, l) 2)
where cs
is the
number of possible characters of the policy, and l
is the
length of the password.
A convenient procedure. Returns a predicate which accepts a string and check if the given string is a compliant password or not.
Creates a generator which generates string. Generated strings are compliant to the given policy.
This procedure can be used with (sagittarius generators)
library.
Suppose, you want to generate 5 random password which are compliant
to your password policy, then it can be written like this
(import (rnrs)
(security password))
(define policy (password-policies
(make-length-policy 16)
(make-lower-case-policy 1)
(make-upper-case-policy 1)
(make-digit-policy 1)
(make-symbol-policy 1)))
(let ((g (gtake (password-policy->generator policy) 5)))
(generator->list g))
;; a list containing 5 elements, all of them are compliant to policy