cracklib-check

cracklib-check [OPTIONS] [dictionary_path]

dictionary_path
    Path to the cracklib dictionary to use. If omitted, uses the default dictionary path.

The cracklib-check command is a utility used to check the strength of a password against a dictionary of common passwords and password patterns. It leverages the cracklib library to determine if a proposed password is easily guessable. It's primarily used in password management systems to enforce password policies and prevent users from choosing weak passwords. It reads a password from standard input, evaluates its strength based on the configured dictionary and heuristics, and reports its findings to standard output. The command is essential for improving system security by reducing the likelihood of successful password-based attacks.

It is part of the libcrack2 package.

The effectiveness of cracklib-check is limited by the completeness and currency of its dictionary. Outdated dictionaries or dictionaries not tailored to specific attack patterns may result in false negatives.

The exit status indicates the outcome of the check. A zero exit status typically indicates that the password is weak, while a non-zero status suggests it might be acceptable, although the specific meanings depend on the implementation. Check the documentation for exact values.

While useful, cracklib-check isn't a perfect solution. Attackers can use sophisticated methods to bypass the check. It's important to combine it with other security measures for enhanced protection.

To check a password entered interactively:
echo "MyP@sswOrd" | cracklib-check
To check against a custom dictionary:
echo "weakpassword" | cracklib-check /path/to/my/custom/dictionary

cracklib was originally developed by Alec Muffett, stemming from his work on password security tools in the early to mid-1990s. The cracklib-check command serves as a simple and standard tool to verify if the password meets certain complexity criteria.

The utility became widely used to enhance system security, especially in environments with strict password policies.

passwd(1), pwck(8)