
cPanel Password Strength Meter

Discussion in 'cPanel Developers' started by lvt, Aug 7, 2011.

  1. lvt

    lvt Well-Known Member

    Hi all,

    I have integrated several cPanel APIs in my web application (database, ftp, email, domain...) and I have an issue with the cPanel password strength meter: if the password entered by my clients is not strong enough (<60%) the application will fail, so I need to add a similar password strength meter to my application.

    I've tested some of them but the problem is that the results aren't always identical with cPanel's own password strength meter; sometimes the scores are higher, sometimes they are lower.

    Does any of you currently have a solution for this issue? Thanks for any information.
     
  2. MattDees

    MattDees cPanel Product Owner
    Staff Member

    DISCLAIMER:

    This involves mucking with things that are not actually an API in cPanel; it is subject to change. You implement this with full understanding that future patch, minor or major version updates can break this functionality.


    The passwordstrength system is all based off of a CGI script that is available for usage.

    This script is located at /backend/passwordstrength.cgi

    It takes a single posted parameter of "password" which contains the password.

    It returns a very basic JSON data structure containing a single entry called "strength", which will indicate the numerical strength for the password.

    f.ex:

    Code:
    curl -k -uusername:password -d 'password=z0mgUlTR$As3Cur3!!' https://localhost:2083/backend/passwordstrength.cgi
    { "strength": 100 }
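
A client for the endpoint described in the post above, as an added example that is not part of the original thread and not cPanel's code: it URL-encodes the candidate password, keeps TLS certificate verification on, and treats any unexpected response as a failed check. The function names, the 0 to 100 range check and the 60 threshold (taken from the first post) are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Path and field names come from the post above. Function names, the 0..100
# range check and the default of 60 (from the first post) are assumptions.
STRENGTH_PATH = "/backend/passwordstrength.cgi"


def build_request(base_url, user, account_password, candidate):
    """Build the authenticated POST that the curl command sends."""
    # urlencode() escapes '&', '+', '%' and '=' so the candidate arrives intact;
    # curl's plain -d would send those characters unescaped.
    body = urllib.parse.urlencode({"password": candidate}).encode("utf-8")
    token = base64.b64encode(f"{user}:{account_password}".encode("utf-8"))
    req = urllib.request.Request(base_url.rstrip("/") + STRENGTH_PATH, data=body)
    req.add_header("Authorization", "Basic " + token.decode("ascii"))
    return req


def parse_strength(raw):
    """Return the integer strength, or raise ValueError on any other shape."""
    try:
        value = json.loads(raw)["strength"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("unexpected passwordstrength.cgi response") from exc
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 100:
        raise ValueError("strength is not an integer in 0..100")
    return value


def default_send(req):
    # urllib verifies the TLS certificate by default (no equivalent of curl -k).
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def is_acceptable(candidate, base_url, user, account_password,
                  minimum=60, send=default_send):
    """True only if the server scores the candidate at or above `minimum`."""
    try:
        raw = send(build_request(base_url, user, account_password, candidate))
        return parse_strength(raw) >= minimum
    except (ValueError, OSError):
        return False  # fail closed: an unreadable answer is treated as too weak
```

Because the script is not a stable API, the strict parsing matters: a login page or a changed response format makes `is_acceptable` return False instead of letting a weak password through.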
     
  3. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Just as a heads up, I've added this as an API2 & XML-API call in 11.32, it will be out in a few months.
     
  4. elektrastudio

    elektrastudio Registered

    Hello.

    Can you, by _any_ chance, consider the following information when building the algorithm for the strength meter? https://www.grc.com/haystack.htm

    I just tried a long, padded password, and after 36~40 characters the strength drops to zero.
    And the results are not consistent across trials or when using it on WHM or cPanel.

    On another light: Can I build my own checker or tweak the existing one?
    Is there any way to make my changes persistent across updates?

    Thank you.
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Just an off-topic heads-up, suggestions for modifying the strength algorithm are being discussed at: http://forums.cpanel.net/f145/better-password-strength-checker-237902.html
     
  6. LeadDogGraphics

    LeadDogGraphics Well-Known Member

    I would definitely love to see a better password checker added, but I also would love to see other websites / webapps follow suit in understanding that complexity is not the same as security, as noted in the above articles. Great links BTW. Thank you.
     