9.2. Testing Login Passwords (CrackLib)
Problem
You want assurance that your login passwords are secure.
Solution
Write a little program that calls the FascistCheck function from CrackLib:
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <crack.h>

#define DICTIONARY "/usr/lib/cracklib_dict"

int main(int argc, char *argv[])
{
    char *password;
    const char *problem;   /* reason string from FascistCheck, or NULL */
    int status = 0;

    printf("\nEnter an empty password or Ctrl-D to quit.\n");
    /* getpass() reads without echo; loop until it returns NULL or an empty password */
    while ((password = getpass("\nPassword: ")) != NULL && *password) {
        if ((problem = FascistCheck(password, DICTIONARY)) != NULL) {
            printf("Bad password: %s.\n", problem);
            status = 1;   /* exit nonzero if any password was rejected */
        } else {
            printf("Good password!\n");
        }
    }
    exit(status);
}
Compile and link it thusly:
$ gcc cracktest.c -lcrack -o cracktest
Run it (the passwords you type will not appear on the screen):
$ ./cracktest
Enter an empty password or Ctrl-D to quit.
Password:xyz
Bad password: it's WAY too short.
Password:elephant
Bad password: it is based on a dictionary word.
Password:kLu%ziF7
Good password!
Discussion
CrackLib is an offshoot of Alec Muffett’s password cracker, Crack. It is designed to be embedded in other programs, and hence is provided only as a library (and dictionary). The FascistCheck function subjects a password to a variety of tests, to ensure that it is not vulnerable to guessing.
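To make the kinds of tests mentioned above concrete, here is an added example (not from the book and not CrackLib's code): a simplified, self-contained checker that applies a minimum length, a character-variety test, and a dictionary lookup after undoing simple disguises. The word list, thresholds, messages and the name toy_check are assumptions of this sketch; for real checks, call FascistCheck with the full dictionary.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the CrackLib dictionary (assumption). */
static const char *const WORDS[] = { "elephant", "password", "linux", "secret" };
#define NWORDS (sizeof WORDS / sizeof WORDS[0])
#define MAXLEN 64

static int in_words(const char *s)
{
    for (size_t i = 0; i < NWORDS; i++)
        if (strcmp(s, WORDS[i]) == 0) return 1;
    return 0;
}

/* Returns NULL if acceptable, else a reason: the FascistCheck convention.
   Thresholds (6 chars, 5 distinct) are assumptions of this sketch. */
const char *toy_check(const char *pw)
{
    char fwd[MAXLEN], rev[MAXLEN];
    int seen[256] = {0}, distinct = 0;
    size_t n = strlen(pw), m;
    if (n < 6) return "too short";
    if (n >= MAXLEN) n = MAXLEN - 1;
    for (size_t i = 0; i < n; i++) {
        if (!seen[(unsigned char)pw[i]]++) distinct++;
        fwd[i] = (char)tolower((unsigned char)pw[i]);   /* fold case */
    }
    if (distinct < 5) return "not enough different characters";
    /* Undo two common disguises: a trailing digit/symbol suffix, and reversal. */
    m = n; while (m > 0 && !isalpha((unsigned char)fwd[m - 1])) m--;
    fwd[m] = '\0';
    for (size_t i = 0; i < m; i++) rev[i] = fwd[m - 1 - i];
    rev[m] = '\0';
    if (in_words(fwd)) return "based on a dictionary word";
    if (in_words(rev)) return "based on a reversed dictionary word";
    return NULL;
}

int main(void)
{
    const char *samples[] = { "xyz", "elephant", "Elephant123", "tnahpele", "kLu%ziF7" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *why = toy_check(samples[i]);
        printf("%-12s %s\n", samples[i], why ? why : "ok");
    }
    return 0;
}
```

The point of the sketch is that capitalizing, reversing, or appending digits to a dictionary word does not make it safe from a dictionary-driven guesser, which is why an exact-match word list alone is not a sufficient check.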
See Also
Learn more about CrackLib at http://www.crypticide.org/users/alecm.
Perl for System Administration (O’Reilly), section 10.5, shows how to make a Perl module to use CrackLib. ...