Security Basics mailing list archives

RE: Red Hat Linux: passwd


From: "Burton M. Strauss III" <bstrauss3 () attbi com>
Date: Wed, 27 Nov 2002 07:41:53 -0600

It uses crack (that's why you have the crack and crack-dict RPMs
installed).

-----Burton

$ rpm -q cracklib -i
Name        : cracklib                     Relocations: (not relocateable)
Version     : 2.7                               Vendor: Red Hat, Inc.
Release     : 18                            Build Date: Sun 23 Jun 2002 09:38:02 AM CDT
Install date: Fri 22 Nov 2002 07:07:35 PM CST      Build Host: perf90.perf.redhat.com
Group       : System Environment/Libraries   Source RPM: cracklib-2.7-18.src.rpm
Size        : 81059                            License: Artistic
Signature   : DSA/SHA1, Tue 03 Sep 2002 04:11:47 PM CDT, Key ID 219180cddb42a60e
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.users.dircon.co.uk/~crypto/
Summary     : A password-checking library.
Description :
CrackLib tests passwords to determine whether they match certain
security-oriented characteristics, with the purpose of stopping users
from choosing passwords that are easy to guess. CrackLib performs
several tests on passwords: it tries to generate words from a username
and gecos entry and checks those words against the password; it checks
for simplistic patterns in passwords; and it checks for the password
in a dictionary.

CrackLib is actually a library containing a particular C function
which is used to check the password, as well as other C
functions. CrackLib is not a replacement for a passwd program; it must
be used in conjunction with an existing passwd program.

Install the cracklib package if you need a program to check users'
passwords to see if they are at least minimally secure. If you install
CrackLib, you will also want to install the cracklib-dicts package.


$ rpm -q cracklib-dicts -i
Name        : cracklib-dicts               Relocations: (not relocateable)
Version     : 2.7                               Vendor: Red Hat, Inc.
Release     : 18                            Build Date: Sun 23 Jun 2002 09:38:02 AM CDT
Install date: Fri 22 Nov 2002 07:08:15 PM CST      Build Host: perf90.perf.redhat.com
Group       : System Environment/Libraries   Source RPM: cracklib-2.7-18.src.rpm
Size        : 877756                           License: Artistic
Signature   : DSA/SHA1, Tue 03 Sep 2002 04:11:47 PM CDT, Key ID 219180cddb42a60e
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.users.dircon.co.uk/~crypto/
Summary     : The standard CrackLib dictionaries.
Description :
The cracklib-dicts package includes the CrackLib dictionaries.
CrackLib will need to use the dictionary appropriate to your system,
which is normally put in /usr/share/dict/words. Cracklib-dicts also
contains the utilities necessary for the creation of new dictionaries.

If you are installing CrackLib, you should also install cracklib-dicts.

-----Original Message-----
From: ALBEE,RUSSELL. S FC2 (CV63 CS5)
[mailto:ALBEER () kitty-hawk navy mil]
Sent: Tuesday, November 26, 2002 2:50 PM
To: security-basics () securityfocus com
Subject: Red Hat Linux: passwd


How does passwd determine if a password is based off a dictionary word or
not?  Is there a file somewhere it references, a dictionary built into the
code, or an algorithm it uses to check the password?

Thanks,

Russell
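
Added example (not part of the original thread, and not CrackLib's own code): a simplified Python sketch of the three kinds of test the cracklib package description lists, namely words derived from the username and GECOS entry, simplistic patterns, and a dictionary lookup. The function names, the small word list and the sample account values are constructed for illustration.

```python
# Added illustration: simplified versions of the three test families named in
# the cracklib package description. This is not CrackLib's own algorithm.
import re

# Constructed sample word list standing in for the cracklib-dicts dictionary.
SAMPLE_WORDS = {"password", "dragon", "letmein", "monkey", "sunshine"}


def candidates(password):
    """Forms of the password to compare: lowercased, with leading/trailing
    non-letters stripped, plus each of those reversed."""
    low = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    forms = {low, core}
    forms |= {f[::-1] for f in forms}
    forms.discard("")
    return forms


def personal_words(username, gecos):
    """Words derived from the account name and the GECOS (full name) field."""
    words = {username.lower()}
    words |= {w for w in re.split(r"[^a-z]+", gecos.lower()) if len(w) >= 3}
    return words


def is_simplistic(password):
    """One repeated character, or a run stepping by +1/-1 (abcdef, 654321)."""
    if len(set(password)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})


def check_password(password, username, gecos, dictionary=SAMPLE_WORDS):
    """Return a rejection reason, or None if no test fires."""
    if len(password) < 6:
        return "too short"
    if is_simplistic(password):
        return "simplistic pattern"
    forms = candidates(password)
    if forms & personal_words(username, gecos):
        return "based on username or GECOS entry"
    if forms & dictionary:
        return "based on a dictionary word"
    return None
```

A password such as "Dragon99" is rejected by the dictionary test here because the comparison is made on the stripped, lowercased form, which is why appending digits to a common word does not get past this kind of check.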

