cracklib-check
Check passwords against dictionary words
SYNOPSIS
cracklib-check [OPTIONS] [dictionary_path]
PARAMETERS
dictionary_path
Path to the cracklib dictionary to use. If omitted, uses the default dictionary path.
DESCRIPTION
The cracklib-check command is a utility used to check the strength of a password against a dictionary of common passwords and password patterns. It leverages the cracklib library to determine if a proposed password is easily guessable. It's primarily used in password management systems to enforce password policies and prevent users from choosing weak passwords. It reads a password from standard input, evaluates its strength based on the configured dictionary and heuristics, and reports its findings to standard output. The command is essential for improving system security by reducing the likelihood of successful password-based attacks.
It is part of the libcrack2 package.
CAVEATS
The effectiveness of cracklib-check is limited by the completeness and currency of its dictionary. Outdated dictionaries or dictionaries not tailored to specific attack patterns may result in false negatives.
EXIT STATUS
The exit status indicates the outcome of the check. A zero exit status typically indicates that the password is weak, while a non-zero status suggests it might be acceptable, although the specific meanings depend on the implementation. Check the documentation for exact values.
SECURITY CONSIDERATIONS
While useful, cracklib-check isn't a perfect solution. Attackers can use sophisticated methods to bypass the check. It's important to combine it with other security measures for enhanced protection.
EXAMPLES
To check a password entered interactively:
    echo "MyP@sswOrd" | cracklib-check
To check against a custom dictionary:
    echo "weakpassword" | cracklib-check /path/to/my/custom/dictionary
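A wrapper around the pipelines above, as an added example that is not part of cracklib or of the original page: it takes the verdict from the line cracklib-check prints rather than from the exit status, and fails closed on anything it cannot parse. It assumes the output form "<password>: OK" or "<password>: <reason>", which the page does not state; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not cracklib's own code.
# Assumption: cracklib-check prints one line per candidate, either
# "<password>: OK" or "<password>: <reason>".

# cracklib_verdict PASSWORD LINE
# Prints the verdict text. Returns 0 only if it is exactly "OK",
# 1 if the password was rejected, 2 if the line cannot be parsed.
cracklib_verdict() {
    pw=$1
    line=$2
    case $line in
        # Strip the echoed password as a literal prefix. Searching the
        # line for ": OK" would accept a weak password such as "foo: OK".
        "$pw: "*) verdict=${line#"$pw: "} ;;
        *) printf '%s\n' "unparseable output"; return 2 ;;
    esac
    printf '%s\n' "$verdict"
    [ "$verdict" = "OK" ]
}

# check_password [DICTIONARY_PATH]
# Reads one candidate from standard input, so it never appears in the
# argument list of any process, and passes it to cracklib-check.
check_password() {
    IFS= read -r pw || [ -n "$pw" ] || return 2
    [ -n "$pw" ] || { printf '%s\n' "empty password" >&2; return 2; }
    # printf instead of echo: echo may interpret backslashes or a leading "-n".
    # A missing binary yields empty output, which is rejected below.
    line=$(printf '%s\n' "$pw" | cracklib-check ${1:+"$1"} 2>/dev/null)
    reason=$(cracklib_verdict "$pw" "$line")
    rc=$?
    [ "$rc" -eq 0 ] || printf 'rejected: %s\n' "$reason" >&2
    return "$rc"
}
```

Source the file and pipe a candidate into check_password, optionally followed by a dictionary path; a return value of 0 means cracklib-check printed OK for exactly that candidate.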
HISTORY
cracklib was originally developed by Alec Muffett, stemming from his work on password security tools in the early to mid-1990s. The cracklib-check command serves as a simple and standard tool to verify if the password meets certain complexity criteria.
The utility became widely used to enhance system security, especially in environments with strict password policies.