Last active
August 2, 2019 18:54
-
-
Save CJHarmath/afde4a3ce2159d2f9fbf0bbcfed9d501 to your computer and use it in GitHub Desktop.
Revisions
-
CJHarmath revised this gist
Aug 2, 2019 . 1 changed file with 124 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,124 @@ function Get-PasswordComplexity { <# .SYNOPSIS Testing if a given password is complex .DESCRIPTION Based on the given SecureString or Credential the function tests if the password used is complex enough. The complexity is calculated based on the number of character classes use in the password. The classes are lower case letter, upper case letters, numbers and special characters. Each class gets a complexity point and the password must include at least 3 classes. The length requirement defaults to 10, but can be overriden. Based on http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html With a few security enhancements in mind and using advanced function. .PARAMETER SecurePassword The password to be tested as a SecureString .PARAMETER Credential The credential object which password is going to be tested .PARAMETER MinPasswordLength Optional. Defaults to 10. The minimum length requirement for accepted passwords. .EXAMPLE $secureString = Read-Host -AsSecureString -Prompt "enter password" enter password: *********** > Test-PasswordComplexity -SecurePassword $secureString > Test-PasswordComplexity -SecurePassword $secureString IsValid Length Complexity ComplexityScore ------- ------ ---------- --------------- True length - OK complex 4 .EXAMPLE $secureStringWeak = Read-Host -AsSecureString -Prompt "enter password" enter password: ****** > Test-PasswordComplexity -SecurePassword $secureStringWeak IsValid Length Complexity ComplexityScore ------- ------ ---------- --------------- False length < 10 NOT complex 1 .LINK http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' )] [OutputType('PasswordComplexity')] param ( [Parameter(Mandatory, ParameterSetName = 'SecurePassword')] [SecureString] $SecurePassword, [Parameter(Mandatory, ParameterSetName = 'Credential')] [PSCredential] $Credential, [Parameter()] [int] $MinPasswordLength = 10 ) try { if ($PSCmdlet.ParameterSetName -eq 'SecurePassword') { $passwordString = (New-Object PSCredential "user",$SecurePassword).GetNetworkCredential().Password } else { $passwordString = $Credential.GetNetworkCredential().Password } $valid = $true # checking the minimal length if($passwordString.length -lt $MinPasswordLength){ $passwordLength = "length < {0}" -f $MinPasswordLength $valid = $false } else { $passwordLength = "length - OK" } $pwComplexity = 0 # lowercase if($passwordString -cmatch "[a-z]"){ $pwComplexity++ } # uppercase if($passwordString -cmatch "[A-Z]"){ $pwComplexity++ } # digits if($passwordString -cmatch "[0-9]"){ $pwComplexity++ } # special character (not alphabetic characters or numbers) if($passwordString -cmatch "[^a-zA-Z0-9]"){ $pwComplexity++ } # if 3 of the criterias if($pwComplexity -ge 3){ $complexity = "complex" } else{ $complexity = "NOT complex" $valid = $false } [PSCustomObject]@{ IsValid = $valid Length = $passwordLength Complexity = $complexity ComplexityScore = $pwComplexity PSTypeName = 'PasswordComplexity' } } catch { Write-Error -ErrorRecord $_ } } -
Aug 2, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ function Get-PasswordComplexity { <# .SYNOPSIS Testing if a given password is complex -
Aug 2, 2019 . No changes.There are no files selected for viewing
-
Aug 2, 2019 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,6 +2,7 @@ function Test-PasswordComplexity { <# .SYNOPSIS Testing if a given password is complex .DESCRIPTION Based on the given SecureString or Credential the function tests if the password used is complex enough. The complexity is calculated based on the number of character classes use in the password. -
Aug 2, 2019 . 1 changed file with 2 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -42,8 +42,9 @@ function Test-PasswordComplexity { IsValid Length Complexity ComplexityScore ------- ------ ---------- --------------- False length < 10 NOT complex 1 .LINK http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' -
Aug 2, 2019 . 1 changed file with 6 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,7 +22,8 @@ function Test-PasswordComplexity { .PARAMETER MinPasswordLength Optional. Defaults to 10. The minimum length requirement for accepted passwords. .EXAMPLE $secureString = Read-Host -AsSecureString -Prompt "enter password" enter password: *********** > Test-PasswordComplexity -SecurePassword $secureString @@ -32,14 +33,17 @@ function Test-PasswordComplexity { ------- ------ ---------- --------------- True length - OK complex 4 .EXAMPLE $secureStringWeak = Read-Host -AsSecureString -Prompt "enter password" enter password: ****** > Test-PasswordComplexity -SecurePassword $secureStringWeak IsValid Length Complexity ComplexityScore ------- ------ ---------- --------------- False length < 10 NOT complex 1 .LINK #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' -
Aug 2, 2019 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,7 +22,7 @@ function Test-PasswordComplexity { .PARAMETER MinPasswordLength Optional. Defaults to 10. The minimum length requirement for accepted passwords. .EXAMPLE SecureString input $secureString = Read-Host -AsSecureString -Prompt "enter password" enter password: *********** > Test-PasswordComplexity -SecurePassword $secureString @@ -32,7 +32,7 @@ function Test-PasswordComplexity { ------- ------ ---------- --------------- True length - OK complex 4 .EXAMPLE weak password $secureStringWeak = Read-Host -AsSecureString -Prompt "enter password" enter password: ****** > Test-PasswordComplexity -SecurePassword $secureStringWeak -
Aug 2, 2019 . 1 changed file with 17 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -23,7 +23,23 @@ function Test-PasswordComplexity { Optional. Defaults to 10. The minimum length requirement for accepted passwords. .EXAMPLE $secureString = Read-Host -AsSecureString -Prompt "enter password" enter password: *********** > Test-PasswordComplexity -SecurePassword $secureString > Test-PasswordComplexity -SecurePassword $secureString IsValid Length Complexity ComplexityScore ------- ------ ---------- --------------- True length - OK complex 4 .EXAMPLE $secureStringWeak = Read-Host -AsSecureString -Prompt "enter password" enter password: ****** > Test-PasswordComplexity -SecurePassword $secureStringWeak IsValid Length Complexity ComplexityScore ------- ------ ---------- --------------- False length < 10 NOT complex 1 #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' -
Aug 2, 2019 . 1 changed file with 3 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,7 +21,9 @@ function Test-PasswordComplexity { .PARAMETER MinPasswordLength Optional. Defaults to 10. The minimum length requirement for accepted passwords. .EXAMPLE #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' -
Aug 2, 2019 . 1 changed file with 10 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,6 +12,16 @@ function Test-PasswordComplexity { Based on http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html With a few security enhancements in mind and using advanced function. .PARAMETER SecurePassword The password to be tested as a SecureString .PARAMETER Credential The credential object which password is going to be tested .PARAMETER MinPasswordLength Optional. Defaults to 10. The minimum length requirement for accepted passwords. #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' -
Aug 2, 2019 . No changes.There are no files selected for viewing
-
Aug 2, 2019 . 1 changed file with 3 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -9,6 +9,9 @@ function Test-PasswordComplexity { Each class gets a complexity point and the password must include at least 3 classes. The length requirement defaults to 10, but can be overriden. Based on http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html With a few security enhancements in mind and using advanced function. #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' -
Aug 2, 2019 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,87 @@ function Test-PasswordComplexity { <# .SYNOPSIS Testing if a given password is complex .DESCRIPTION Based on the given SecureString or Credential the function tests if the password used is complex enough. The complexity is calculated based on the number of character classes use in the password. The classes are lower case letter, upper case letters, numbers and special characters. Each class gets a complexity point and the password must include at least 3 classes. The length requirement defaults to 10, but can be overriden. #> [CmdletBinding( DefaultParameterSetName = 'SecurePassword' )] [OutputType('PasswordComplexity')] param ( [Parameter(Mandatory, ParameterSetName = 'SecurePassword')] [SecureString] $SecurePassword, [Parameter(Mandatory, ParameterSetName = 'Credential')] [PSCredential] $Credential, [Parameter()] [int] $MinPasswordLength = 10 ) try { if ($PSCmdlet.ParameterSetName -eq 'SecurePassword') { $passwordString = (New-Object PSCredential "user",$SecurePassword).GetNetworkCredential().Password } else { $passwordString = $Credential.GetNetworkCredential().Password } $valid = $true # checking the minimal length if($passwordString.length -lt $MinPasswordLength){ $passwordLength = "length < {0}" -f $MinPasswordLength $valid = $false } else { $passwordLength = "length - OK" } $pwComplexity = 0 # lowercase if($passwordString -cmatch "[a-z]"){ $pwComplexity++ } # uppercase if($passwordString -cmatch "[A-Z]"){ $pwComplexity++ } # digits if($passwordString -cmatch "[0-9]"){ $pwComplexity++ } # special character (not alphabetic characters or numbers) if($passwordString -cmatch "[^a-zA-Z0-9]"){ $pwComplexity++ } # if 3 of the criterias if($pwComplexity -ge 3){ $complexity = "complex" } else{ $complexity = "NOT complex" $valid = $false } [PSCustomObject]@{ IsValid = $valid Length = $passwordLength Complexity = $complexity ComplexityScore = $pwComplexity PSTypeName = 'PasswordComplexity' } } catch { Write-Error -ErrorRecord $_ } }