exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

cracklib.2.7.README

cracklib.2.7.README
Posted Aug 16, 1999

No information is available for this file.

tags | cracker
SHA-256 | 9cb54e44eb57c9b565bfe3fa888008123672f33ff264d2ccb757876a20b46a1f

cracklib.2.7.README

Change Mirror Download
CrackLib:  A ProActive Password Sanity Library
By: Alec Muffett
Address: alecm@crypto.dircon.co.uk
Date: Sun Dec 14 22:16:48 GMT 1997

- This software is not my fault in any way, nor indeed anybody's -


*** What is CrackLib ***


CrackLib is a library containing a C function (well, lots of functions
really, but you only need to use one of them) which may be used in a
"passwd"-like program.

The idea is simple: try to prevent users from choosing passwords that
could be guessed by "Crack" by filtering them out, at source.

CrackLib is an offshoot of the the version 5 "Crack" software, and
contains a considerable number of ideas nicked from the new software.

At the time of writing, Crack 5 is incomplete (still awaiting purchase
of my home box) - but I though I could share this with you.

[ Incidentally, if Dell or anyone would like to "donate" a Linuxable
486DX2-66MHz box (EISA/16Mb RAM/640MB HD/AHA1740) as a development
platform for Crack, I'd be more than grateful to hear from you. 8-) ]


NOTE THIS WELL: CrackLib is NOT a replacement "passwd" program.
CrackLib is a LIBRARY. CrackLib is what trendy marketdroid types would
probably call an "enabler".

The idea is that you wire it into your _own_ "passwd" program (if you
have source); alternatively, you wire it into something like "shadow"
from off of the net. You can use it in other things, too.

You can use it almost _everywhere_.


*** Advantages of CrackLib ***


1) it WORKS!

I wrote something similar ("goodpass") a few years back, which went out
with Crack v3.x.

Goodpass was slow and buggy and I think it was used (at least in part)
in "npasswd". Hopefully, CrackLib will supplant "goodpass" entirely.


2) it's FAST!

CrackLib finds potential passwords quickly, by using an index file to
access dictionary words, and by keeping a table to assist binary
searching.


3) it's SMALL!

CrackLib's dictionary is modified-DAWG compressed with a chunksize of 16
words (see Crack v5.0 docs (when it comes out) for details) - and then
the index file is built, with one entry per chunk.

The upshot of all this is that CrackLib can do indexed, binary searches
in a 1.4 million word dictionary (raw size ~ 15Mb), but the CrackLib
files (data+index+watermarks) occupy only ~ 7Mb. (45% original size)

It's even efficient over NFS !


4) it's MIND-NUMBINGLY THOROUGH!

(is this beginning to read like a B-movie flyer, or what?)

CrackLib makes literally hundreds of tests to determine whether you've
chosen a bad password.

* It tries to generate words from your username and gecos entry to tries
to match them against what you've chosen.

* It checks for simplistic patterns.

* It then tries to reverse-engineer your password into a dictionary
word, and searches for it in your dictionary.

- after all that, it's PROBABLY a safe(-ish) password. 8-)


*** Instructions for building CrackLib...


STEP 0) Engage your brain.

I'm interested in improving the CrackLib software, doing bugfixes,
"guessing technique" improvements, and portability enhancements.

I'm NOT interested in unhelpful comments like "well, _my_ operating
system doesn't come with a dictionary". If it doesn't, either complain
to your vendor, or GO AND GET a dictionary off the net.

CrackLib is NOT a TOOL. It is not a complete package. It is not
something you can utilise directly.

It is a resource, an aid, something to enhance the functionality of
other software. You need to (either) write OR modify other software to
use it. If you can't do this, then you shouldn't be wasting your time
with it.

Regarding bugs and portability problems: please try to work them out for
yourself, and then (please) TELL me about them. This will help me
improve future versions.


STEP 1) Edit the Makefile to set your preferred value of DICTPATH

This it the directory+filename-prefix that your version of CrackLib will
go hunting for, and it must be visible to all programs on all hosts that
use CrackLib

Hence, if you want to use a CrackLib binary on a distributed network,
these files are probably best placed on an NFS server.

Note: You have to specify a FILENAME PREFIX too, eg:

DICTPATH=/usr/local/lib/pw_dict

which will generate:

/usr/local/lib/pw_dict.pwd
/usr/local/lib/pw_dict.pwi
/usr/local/lib/pw_dict.hwm

which are the files that CrackLib needs.

These files are NOT byte-order independent, in fact they are probably
ARCHITECTURE SPECIFIC, mostly due to speed constraints. If this is a
problem, I suggest you use:

DICTPATH=/usr/local/lib/pw_dict.sun4
DICTPATH=/usr/local/lib/pw_dict.i386
DICTPATH=/usr/local/lib/pw_dict.cray

...etc, and build several sets of files, as appropriate.


(Hackers Note: Strictly, only *.pwi and *.hwm should be architecture
dependent; however, if you build two dictionaries on two different
platforms, you MAY wind up with different *.pwd files too, due to
incompatibilities in the std Unix utilities, or from using different
SOURCEDICTs.

I may try to work this out in the next release. In the mean time, if
your *.pwd files are EXACTLY identical (use "cmp" to test), you can
delete the multiple copies and use softlinks instead.)


STEP 2) Add to the SOURCEDICT variable, any files continaing extra words
that you wish CrackLib to use. CrackLib merges all of these files
together, removes redundant characters, and compresses them. Generally,
the output file is 40..60% the size of all the input files, combined.

NOTE: THE DEFAULT VALUE OF "SOURCEDICT" CONTAINS "/usr/dict/words" -
this is a file which can be found on many BSD-type Unix systems,
containing a list of words, one per line, suitable for use with
"cracklib". If you do not have such a file, refer to STEP 0.


STEP 3) do:

% make all

then do:

% make install

which will build the CrackLib dictionary in $DICTPATH.


*** NOTE THIS WELL ***

If you supply massive amounts of text to CrackLib to use a a dictionary,
you must have enough free space available for use by the "sort" command,
when the dictionary is built.

So: If you do not have (say) about 20Mb free in /usr/tmp (or whatever
temporary area your "sort" command uses), have a look at the
"util/mkdict" script.

You can usually tweak the "sort" command to use any large area of disk
you desire, by use of the "-T" option, and "mkdict" has a hook for this.


STEP 4) Wire a call to "FascistCheck()" into your "passwd" program


- Left as an exercise for the reader.


*** Example of how to invoke CrackLib

Insert a call to the routine FascistCheck, which is defined thusly:

NAME
FascistCheck - check a potential password for guessability


SYNOPSIS

char *FascistCheck(char *pw, char *dictpath);


DESCRIPTION

FascistCheck() takes 2 arguments:

pw - a string continaing the users chosen "potential password"

dictpath - the full path name + filename prefix of the
CrackLib dictionary, specified in the installation Makefile.
(If you still haven't sussed, I'm talking about DICTPATH).


RETURN VALUE

FascistCheck() returns the NULL pointer for a good password,
or a pointer to a diagnostic string if it is a bad password.


BUGS
- it can't catch everything. Just most things.

- it calls getpwuid(getuid()) to look up the user,
this MAY affect poorly written programs

- using more than one pw_dict file, eg:

char *msg;
if (msg = FascistCheck(pw, "onepath") ||
msg = FascistCheck(pw, "anotherpath"))
{
printf("Bad Password: because %s\n", msg);
}

...works, but it's a kludge. AVOID IT IF POSSIBLE.
Using just the one dictionary is more efficient, anyway.

- PWOpen() routines should cope with having more than 1
dictionary open at a time. I'll fix this RSN.


WORKED EXAMPLE

---- modified extract from BSD distribution - "local_passwd.c" ----

#ifndef CRACKLIB_DICTPATH /* if possible, get from the same Makefile as CrackLib */
#define CRACKLIB_DICTPATH "/usr/local/lib/pw_dict"
#endif /* see examples on how to import DICTPATH into CRACKLIB_DICTPATH */
...
...
...
for (buf[0] = '\0', tries = 0;;) {
p = getpass("New password:");
if (!*p) {
(void)printf("Password unchanged.\n");
pw_error(NULL, 0, 0);
}

#ifndef CRACKLIB_DICTPATH
if (strlen(p) <= 5 && (uid != 0 || ++tries < 2)) {
(void)printf("Please enter a longer password.\n");
continue;
}
for (t = p; *t && islower(*t); ++t);
if (!*t && (uid != 0 || ++tries < 2)) {
(void)printf("Please don't use an all-lower case password.\nUnusual capitalization, control characters or digits are suggested.\n");
continue;
}
#else
{
char *msg;
if (msg = (char *) FascistCheck(pwbuf, CRACKLIB_DICTPATH)) {
printf("Please use a different password.\n");
printf("The one you have chosen is unsuitable because %s.\n", msg);
continue; /* go round and round until they get it right */
}
}
#endif /* CRACKLIB_DICTPATH */

(void)strcpy(buf, p);
if (!strcmp(buf, getpass("Retype new password:")))
break;
(void)printf("Mismatch; try again, EOF to quit.\n");
}
---- end of extract ----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close