Projects / passwdqc


passwdqc is a password/passphrase strength checking and policy enforcement tool set, including an optional PAM module (pam_passwdqc), command-line programs (pwqcheck and pwqgen), and a library (libpasswdqc). On systems with PAM, pam_passwdqc is normally invoked on password changes by programs such as passwd(1). It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable. pwqcheck and pwqgen are standalone password/passphrase strength checking and random passphrase generator programs, respectively, and are usable from scripts. libpasswdqc is the underlying library, which may also be used from third-party programs.

Recent releases

  •  24 Apr 2013 02:40

    Release Notes: Detection of common character sequences has been improved (as tested on RockYou top 100k and top 1M). Generation of random passphrases with non-default settings has been improved: case toggling has been made optional, possible use of trailing single characters has been added, words are now separated with dashes when different separator characters are not in use, and the range of possible bit sizes of generated passphrases has been expanded. The code has been made more robust. Mac OS X support has been added. pwqcheck.php, a PHP wrapper function around the pwqcheck program, has been added.

  •  22 Jun 2010 23:33

    Release Notes: Solaris-focused Makefile and documentation updates were done.

  •  27 Mar 2010 21:01

    Release Notes: A password strength check has been adjusted to no longer subject certain passwords that start with a digit and/or end with a capital letter to an unintentionally stricter policy.

  •  16 Mar 2010 12:09

    Release Notes: pwqcheck is now usable by OpenBSD and is able to check multiple passphrases at once. The random passphrases will now encode more entropy per separator and per word, increasing their default size to 47 bits. Substring matching will now partially discount rather than fully remove weak substrings, support leetspeak, and detect sequential digits, letters, and adjacent keys. The strength checking code will now detect and allow passphrases with non-ASCII (8-bit) characters in the words. The code has been made significantly faster. RPM packages can now be built out of the distribution tarballs.

  •  18 Nov 2009 03:50

    Release Notes: Minor cleanups were done for the code and manual pages markup, such as for proper formatting on OpenBSD.

