9.2. Testing Login Passwords (CrackLib)
Problem
You want assurance that your login passwords are secure.
Solution
Write a little program that calls the FascistCheck function from CrackLib:

    #include <stdlib.h>
    #include <unistd.h>   /* getpass() */
    #include <stdio.h>
    #include <crack.h>    /* FascistCheck() */

    #define DICTIONARY "/usr/lib/cracklib_dict"

    int main(int argc, char *argv[]) {
        char *password;
        const char *problem;   /* reason for rejection, or NULL if acceptable */
        int status = 0;

        printf("\nEnter an empty password or Ctrl-D to quit.\n");
        /* getpass() reads without echo; stop on EOF or an empty password */
        while ((password = getpass("\nPassword: ")) != NULL && *password) {
            if ((problem = FascistCheck(password, DICTIONARY)) != NULL) {
                printf("Bad password: %s.\n", problem);
                status = 1;   /* exit nonzero if any password was rejected */
            } else {
                printf("Good password!\n");
            }
        }
        exit(status);
    }

Compile and link it thusly:

    $ gcc cracktest.c -lcrack -o cracktest

Run it (the passwords you type will not appear on the screen):

    $ ./cracktest
    Enter an empty password or Ctrl-D to quit.
    Password: xyz
    Bad password: it's WAY too short.
    Password: elephant
    Bad password: it is based on a dictionary word.
    Password: kLu%ziF7
    Good password!

Discussion
CrackLib is an offshoot of Alec Muffett’s password
cracker, Crack. It is designed to be embedded in other programs, and
hence is provided only as a library (and dictionary). The
FascistCheck function subjects a password to a
variety of tests, to ensure that it is not vulnerable to guessing.
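To make "a variety of tests" concrete, here is an added example (not CrackLib's code and not from the original recipe) that imitates three kinds of check: length, character variety, and dictionary lookup after undoing simple disguises. The function toy_check, the four-word list, and the variety threshold are assumptions made for this sketch; real checks should call FascistCheck against the full dictionary.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed word list; CrackLib consults a large packed dictionary instead. */
static const char *WORDS[] = { "elephant", "password", "dragon", "secret" };

static int in_words(const char *s) {
    for (size_t i = 0; i < sizeof WORDS / sizeof WORDS[0]; i++)
        if (strcmp(s, WORDS[i]) == 0) return 1;
    return 0;
}

/* Trim non-letters from both ends, lowercase, undo common substitutions. */
static size_t normalize(const char *pw, char *out, size_t outsz) {
    static const char from[] = "013457@$", to[] = "oleastas";
    size_t len = strlen(pw), n = 0;
    while (len && !isalpha((unsigned char)pw[len - 1])) len--;
    while (len && !isalpha((unsigned char)*pw)) { pw++; len--; }
    for (size_t i = 0; i < len && n + 1 < outsz; i++) {
        char c = (char)tolower((unsigned char)pw[i]);
        const char *p = strchr(from, c);
        out[n++] = p ? to[p - from] : c;
    }
    out[n] = '\0';
    return n;
}

/* Hypothetical helper: NULL if acceptable, else a reason (FascistCheck's convention). */
const char *toy_check(const char *pw) {
    char norm[128], rev[128] = {0};
    int seen[256] = {0}, distinct = 0;
    if (strlen(pw) < 4) return "it's WAY too short";
    for (size_t i = 0; pw[i]; i++)
        if (!seen[(unsigned char)pw[i]]++) distinct++;
    if (distinct < 5) return "too few different characters"; /* assumed threshold */
    size_t n = normalize(pw, norm, sizeof norm);
    for (size_t i = 0; i < n; i++) rev[i] = norm[n - 1 - i];
    if (in_words(norm) || in_words(rev)) return "it is based on a dictionary word";
    return NULL;
}

int main(void) {
    const char *samples[] = { "xyz", "elephant", "El3phant1!", "tnahpele", "kLu%ziF7" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *why = toy_check(samples[i]);
        printf("%-12s %s\n", samples[i], why ? why : "passes these checks");
    }
    return 0;
}
```

Note that El3phant1! and tnahpele are rejected for the same reason as elephant: decorating or reversing a dictionary word does not take it out of a guesser's reach.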
See Also
Learn more about CrackLib at http://www.crypticide.org/users/alecm.
Perl for System Administration (O’Reilly), section 10.5, shows how to make a Perl module to use CrackLib. ...