File: cracklib-runtime.html

cracklib2 2.7-19
  • area: main
  • in suites: etch, etch-m68k
  • size: 384 kB
  • ctags: 114
  • sloc: ansic: 1,931; sh: 67; makefile: 65; perl: 46
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html>
  <head>
    <title>cracklib2 - utilities</title>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
    <meta http-equiv="keywords" content="crack, cracklib, password, security" />
  </head>


  <body>
    <h1>cracklib2 - utilities</h1>

    <p>
      <code>cracklib2</code> is a library containing a C function which may be
      used in a <a
      href="/cgi-bin/man2html/usr/share/man/man1/passwd.1.gz"><code>passwd</code></a>
      like program.  The idea is simple: try to prevent users from choosing
      passwords that could be guessed by <a
      href="http://www.crypticide.org/users/alecm"><code>crack</code></a> by filtering them out, at
      source. <code>cracklib2</code> is <em>not</em> a replacement <a
      href="/cgi-bin/man2html/usr/share/man/man1/passwd.1.gz"><code>passwd</code></a>
      program.  <code>cracklib2</code> is a <em>library</em>.
    </p>

    <p>
     <code>cracklib-runtime</code> contains run-time support programs which use
     the shared library in <a
     href="../cracklib2/cracklib2.html"><code>cracklib2</code></a> including
     programs to build the password dictionary databases used by the functions
     in the shared library.
    </p>


    <h2>Index</h2>

    <ol>
      <li>
        <a href="../cracklib2/cracklib2.html">General documentation on
        <code>cracklib2</code>.</a>
      </li>

      <li>
        <a href="#cracklib.utilities">Debian <code>cracklib2</code>
        utilities.</a>

        <ol>
          <li>
            <a href="#cracklib.utilities.dictionary">Debian
            <code>cracklib2</code> dictionary utilities.</a>

            <ol>
              <li>
                <a href="#cracklib.utilities.dictionary.crack_mkdict"><code>crack_mkdict</code></a>
              </li>

              <li>
                <a href="#cracklib.utilities.dictionary.crack_packer"><code>crack_packer</code></a>
              </li>

              <li>
                <a href="#cracklib.utilities.dictionary.crack_unpacker"><code>crack_unpacker</code></a>
              </li>
            </ol>
          </li>

          <li>
            <a href="#cracklib.utilities.test">Debian <code>cracklib2</code> test
            utilities.</a>

            <ol>
              <li>
                <a href="#cracklib.utilities.test.crack_testlib"><code>crack_testlib</code></a>
              </li>

              <li>
                <a href="#cracklib.utilities.test.crack_testnum"><code>crack_testnum</code></a>
              </li>

              <li>
                <a href="#cracklib.utilities.test.crack_teststr"><code>crack_teststr</code></a>
              </li>
            </ol>
          </li>
        </ol>
      </li>

      <li>
        <a href="#cracklib.dictionaries">Debian dictionaries.</a>
      </li>
    </ol>

    <hr/>


    <h2>
      <a id="cracklib.utilities">Debian <code>cracklib2</code> utilities</a>
    </h2>

    <h3>
      <a id="cracklib.utilities.dictionary">Debian <code>cracklib2</code>
      dictionary utilities.</a>
    </h3>

    <h4>
      <a id="cracklib.utilities.dictionary.crack_mkdict"><code>crack_mkdict</code></a>
    </h4>

    <h5>Synopsis</h5>

    <p><code> crack_mkdict <var>file ...</var> </code></p>

    <h5>Description</h5>

    <p>
      <code>crack_mkdict</code> takes a list of ASCII files, each containing a
      list of words, one per line.  It lowercases all words, removes control
      characters, and sorts the lists.  It outputs the cleaned-up list to
      standard output.
    </p>

    <p>
      If you supply massive amounts of text to <code>crack_mkdict</code> you
      must have enough free space available for use by the <a
      href="/cgi-bin/man2html/usr/share/man/man1/sort.1.gz"><code>sort</code></a>
      command.  If you do not have 20Mb free in <code>/var/tmp</code> (or
      whatever temporary area your <a
      href="/cgi-bin/man2html/usr/share/man/man1/sort.1.gz"><code>sort</code></a>
      command uses), have a look at the
      <code>/usr/sbin/crack_mkdict</code> program which is a <a
      href="/cgi-bin/man2html/usr/share/man/man1/sh.1.gz"><code>sh</code></a>
      program.  You can usually tweak the <a
      href="/cgi-bin/man2html/usr/share/man/man1/sort.1.gz"><code>sort</code></a>
      command to use any large area of disk you desire, by use of the
      <code>-T</code> option.  <code>crack_mkdict</code> has a hook for this.
    </p>


    <h4>
      <a id="cracklib.utilities.dictionary.crack_packer"><code>crack_packer</code></a>
    </h4>

    <h5>Synopsis</h5>

    <p><code>crack_packer <var>cracklib_dictpath</var></code></p>

    <h5>Description</h5>

    <p>
      <code>crack_packer</code> reads from standard input a list of sorted and
      cleaned words and creates a database in the directory and prefix given by
      the command line argument <code><var>cracklib_dictpath</var></code>.
      Three files are created with the suffixes of <code>.hwm, .pwd, and
      .pwi</code>.  These three files are in the format that the <a
      href="/cgi-bin/man2html/usr/share/man/man3/FascistCheck.3.gz"><code>FascistCheck</code></a>
      subroutine, <a
      href="#cracklib.utilities.dictionary.crack_unpacker"><code>crack_unpacker</code></a>,
      <a
      href="#cracklib.utilities.test.crack_testlib"><code>crack_testlib</code></a>,
      <a
      href="#cracklib.utilities.test.crack_testnum"><code>crack_testnum</code></a>,
      and <a
      href="#cracklib.utilities.test.crack_teststr"><code>crack_teststr</code></a>
      utilities understand.  The numbers of words read and written are printed on
      <a
      href="/cgi-bin/man2html/usr/share/man/man3/stdout.3.gz"><code>stdout</code></a>.
    </p>


    <h4>
      <a
      id="cracklib.utilities.dictionary.crack_unpacker"><code>crack_unpacker</code></a>
    </h4>

    <h5>Synopsis</h5>

    <p><code>crack_unpacker <var>cracklib_dictpath</var></code></p>

    <h5>Description</h5>

    <p>
      <code>crack_unpacker</code> reads from the database in the directory and
      prefix given by the command line argument
      <code><var>cracklib_dictpath</var></code> and outputs on standard output
      the list of words that make up the database.
    </p>


    <h3>
      <a id="cracklib.utilities.test">Debian <code>cracklib2</code> test utilities.</a>
    </h3>

    <p>
      These are command line interactive utilities to test the <a
      href="#cracklib.dictionaries.utilities">installed cracklib
      dictionary</a>.  Each takes one string or number per line.  Enter
      <code>^C</code> when done.
    </p>

    <h4>
      <a id="cracklib.utilities.test.crack_testlib"><code>crack_testlib</code></a>
    </h4>

    <h5>Synopsis</h5>

    <p><code>crack_testlib</code></p>

    <h5>Description</h5>

    <p>
      <code>crack_testlib</code> tests if the input string will be accepted as
      a valid password by the <a
      href="#cracklib.dictionaries.utilities">installed
      <code>cracklib2</code> dictionary</a> using the <a
      href="/cgi-bin/man2html/usr/share/man/man3/FascistCheck.3.gz"><code>FascistCheck</code></a>
      subroutine.
    </p>


    <h4>
      <a id="cracklib.utilities.test.crack_testnum"><code>crack_testnum</code></a>
    </h4>

    <h5>Synopsis</h5>

    <p><code>crack_testnum</code></p>

    <h5>Description</h5>

    <p>
      <code>crack_testnum</code> tests if the input integer is an index to a
      word in the <a href="#cracklib.dictionaries.utilities">installed
      <code>cracklib2</code> dictionary</a> and returns the word if found.
    </p>


    <h4>
      <a id="cracklib.utilities.test.crack_teststr"><code>crack_teststr</code></a>
    </h4>

    <h5>Synopsis</h5>

    <p><code>crack_teststr</code></p>

    <h5>Description</h5>

    <p>
      <code>crack_teststr</code> tests if the input string is in the <a
      href="#cracklib.dictionaries.utilities">installed <code>cracklib2</code>
      dictionary</a> and returns its index number if found.
    </p>


    <h2>
      <a id="cracklib.dictionaries">Debian dictionaries</a>
    </h2>

    <p>
      <code>cracklib2</code> uses a word database that is in a binary format
      generated by the utilities <a
      href="#cracklib.utilities.dictionary.crack_mkdict"><code>crack_mkdict</code></a>
      and <a
      href="#cracklib.utilities.dictionary.crack_packer"><code>crack_packer</code></a>.
      Three files are created with the suffixes of <code>.hwm, .pwd, and
      .pwi</code>.  These files are <em>not</em> byte-order independent; in
      fact, they are probably architecture specific, mostly due to speed
      constraints.
    </p>


    <h3>
      <a id="cracklib.dictionaries.utilities">Compiled database location for
      <code>cracklib</code> test utilities.</a>
    </h3>

    <p>
      The <a href="#cracklib.utilities.test">dictionary test utilities</a> have
      the location of the dictionary database hard-coded into them.  On a
      Debian system the database is located in the directory
      <code>/var/cache/cracklib/cracklib_dict</code> and is generated daily with the program
      <code>/etc/cron.daily/cracklib</code>.  The location is also defined in
      the header file <code>crack.h</code> using the constant
      <code>CRACKLIB_DICTPATH</code>.  None of the subroutines in the
      <code>cracklib</code> libraries have this location hard-coded into their
      implementations.
    </p>


    <h3>
      <a id="cracklib.dictionaries.src">Word lists for creating dictionary
      databases.</a>
    </h3>

    <p>
      <code>cracklib2</code> is only as good as the word dictionary database you
      create.  Basically, you want to include any word that a malicious user
      could guess.  It could include:
    </p>

    <ul>
      <li>Names (including nicknames and user ids) of all users.</li>
      <li>Names of pets, relatives, cars, ... of all users.</li>
      <li>Computer, network, printer, ... names.</li>
      <li>Insurance numbers, employee numbers, ... of users.</li>
      <li>...</li>
    </ul>

    <p>
      Debian provides a number of word lists that can be used as sources for
      creating the <code>cracklib2</code> dictionary database.  The package <a
      href="/cgi-bin/man2html/usr/share/man/man5/english.5.gz"><code>wenglish</code></a>
      provides a standard ASCII word list that can be directly used.  The
      package <a href="../ispell/ispell.html"><code>ispell</code></a> also
      supplies a large word list but it is in binary format.  I haven't
      figured out how to decode this binary format so that the resulting word
      list can be used by <code>cracklib2</code>.
    </p>
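    <p>
      Added example (not part of the original page, and not the package's own
      <code>crack_mkdict</code> script): a shell sketch that collects
      site-specific words of the kinds listed above and applies the cleaning
      steps described for <code>crack_mkdict</code>, keeping the intermediate
      files private because they hold personal data.  The function names, the
      <code>SORT_TMPDIR</code> variable, the sample data and the de-duplication
      step are assumptions of this example.
    </p>

```shell
#!/bin/sh
# Added example: approximates the cleaning stage described for crack_mkdict.
# It is not the script shipped in cracklib-runtime.

# site_words PASSWD_FILE: emit each login name and the words of the
# GECOS full-name field from a passwd-format file.
site_words() {
    awk -F: '{
        print $1
        split($5, gecos, ",")
        n = split(gecos[1], w, " ")
        for (i = 1; i <= n; i++) print w[i]
    }' "$1"
}

# clean_wordlist FILE...: lowercase, strip control characters (newline is
# kept as the line separator), drop empty lines, then sort.
# -u (de-duplication) is an addition of this example.
# SORT_TMPDIR is a hypothetical variable name; its value goes to sort -T.
clean_wordlist() {
    cat -- "$@" |
        tr '[:upper:]' '[:lower:]' |
        tr -d '\000-\011\013-\037\177' |
        sed '/^$/d' |
        LC_ALL=C sort -u -T "${SORT_TMPDIR:-/tmp}"
}

# demo: runs both steps on constructed sample data. The body is a subshell,
# so the restrictive umask does not leak into the caller.
demo() (
    umask 077                      # word list contains personal data
    work=$(mktemp -d) || exit 1
    printf 'jdoe:x:1000:1000:Jane Doe,Room 4,,:/home/jdoe:/bin/sh\n' > "$work/passwd"
    printf 'Rex\r\nPRINTER-3F\nfileserver\n\nrex\n' > "$work/local"
    site_words "$work/passwd" > "$work/site"
    clean_wordlist "$work/site" "$work/local"
    rm -rf "$work"
)

demo
# With cracklib-runtime installed, the cleaned list can be packed and read
# back for a check ("./site_dict" is a hypothetical scratch prefix):
#   clean_wordlist words.txt site.words | crack_packer ./site_dict
#   crack_unpacker ./site_dict | wc -l
```

    <p>
      Packing to a scratch prefix first lets the word count reported by
      <code>crack_packer</code> be compared with the
      <code>crack_unpacker</code> output before the database is put in place.
    </p>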

    <hr/>

    <p>
      Original Copyright &copy; 1998, 1999
      <a href="mailto:jplejacq@quoininc.com">Jean Pierre LeJacq</a>
      <br/>
      Currently maintained by <a href="mailto:mpitt@debian.org">Martin Pitt</a> 
      <br/>
      Distributed under the <a href="../../common-licenses/GPL">GNU GENERAL PUBLIC
      LICENSE</a>.
      <br/>
      last-modified: Thu, 21 Oct 2003 
    </p>
  </body>
</html>