pwserverd iconpwserverd 0.1

Password generation and security checking server
pwserverd is a software that provides a way for applications written in PHP and other scripting languages to efficiently generate and check passwords.


Start the server by running pwserverd. The server will look for its configuration in /etc/pwserverd.cfg, and failing that will adopt the following default configuration:

listeners = tcp
debug = false

type = tcp
port = 8099
interface = localhost

The server communicates using an HTTP-like protocol; for instance, to generate a password, you might send:

GENERATE< cr >< lf >
< cr >< lf >

to which the reply might be

200 OK< cr >< lf >
Password: Rocky$Noble_Semi< cr >< lf >
< cr >< lf >

You can add header-like arguments; the GENERATE command, for instance, accepts the arguments RandomBits and MaxLength. To generate a password with 96 bits of randomness, you might send

GENERATE< cr >< lf >
RandomBits: 96< cr >< lf >
< cr >< lf >

The other command accepted by the server is the CHECK command, which you use like this:

CHECK password< cr >< lf >
< cr >< lf >

The response from the server is either of the form

200 OK< cr >< lf >
Status: Secure< cr >< lf >
< cr >< lf >


200 OK< cr >< lf >
Status: Insecure< cr >< lf >
Reason: Password is too simple (not enough different kinds of character)< cr >< lf >
< cr >< lf >

You should check the Status code, and if it is Insecure, present the Reason to the user.

Like GENERATE, CHECK can take header-style arguments. You can specify the OldPassword argument if you want to check that the password is not too similar to an older password. You can also specify a Username argument that the password is compared with. If you specify additional header arguments, these are also checked against the password.

last updated on:
June 20th, 2010, 15:46 GMT
developed by:
Alastair Houghton
license type:
MIT/X Consortium License 
ROOT \ Security


In a hurry? Add it to your Download Basket!

user rating



Add your review!