
Difference between revisions of "Talk:OWASP Proactive Controls"

(Proposal for a regular expression for passwords)
 
m
Line 1: Line 1:
 +
Thomas: Very interesting, move this here? https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository
 +
 +
***
 +
 
Hi Jim,
 
Hi Jim,
  

Revision as of 21:02, 18 July 2014

Thomas: Very interesting, move this here? https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository

Hi Jim,

When looking at your project page, maybe I have something that you might be interested in.

A while ago, Torsten figured out how to write the password policy of Windows (3 out of 4) as a regular expression:

^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{8,32}$

A short explanation:

password length 8-32

Character set: -Za-z0-9!/~<>,;:_=?*+-#."&§$%^°()[]|@

at least 3 out of 4 (uppercase and lowercase letters, numbers and special characters)

no more than 2 equal characters in a row (that's not Windows)

More on your document maybe later.

Best Regards, Thomas
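
An added example, not part of Thomas's post and not OWASP code: the regular expression above placed next to an explicit checker that reports which of the four listed rules a password breaks, so the two can be compared on the same input. The function names and sample passwords are constructed for illustration; `fullmatch` is used because Python's `$` also matches just before a trailing newline.

```python
import re
import string

# The regular expression exactly as posted on this page.
POLICY_RE = re.compile(
    r'^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])'
    r'|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))'
    r'(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{8,32}$'
)

# Character classes taken from the final bracket expression of the regex.
UPPER = set(string.ascii_uppercase)
LOWER = set(string.ascii_lowercase)
DIGITS = set(string.digits)
SPECIALS = set('!~<>,;:_=?*+#."&§%°()|[]-$^@/')
ALLOWED = UPPER | LOWER | DIGITS | SPECIALS

def regex_ok(pw):
    """True if the whole string satisfies the posted regex (hypothetical helper)."""
    return POLICY_RE.fullmatch(pw) is not None

def violations(pw):
    """Return the rules from the short explanation that pw breaks (hypothetical helper)."""
    broken = []
    if not 8 <= len(pw) <= 32:
        broken.append("length")
    if any(c not in ALLOWED for c in pw):
        broken.append("charset")
    classes = sum(bool(set(pw) & s) for s in (UPPER, LOWER, DIGITS, SPECIALS))
    if classes < 3:
        broken.append("classes")          # fewer than 3 out of 4
    if any(a == b == c for a, b, c in zip(pw, pw[1:], pw[2:])):
        broken.append("repeat")           # 3 or more equal characters in a row
    return broken

# Constructed sample passwords, one per rule plus two that pass.
SAMPLES = ["Summer2014", "Summer!!", "summer2014", "Passsword1",
           "Ab1!", "Summer 2014", "Summer2014\n"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(repr(pw), regex_ok(pw), violations(pw))
```

With `POLICY_RE.match` instead of `fullmatch`, the last sample (trailing newline) is accepted, so callers in Python should use `fullmatch` or replace the final `$` with `\Z`.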