cracklib-format

cracklib-format [file...]

The cracklib-format command is a utility provided as part of the cracklib suite, which is used for password strength checking. Its primary function is to preprocess raw word lists, preparing them for use in creating cracklib dictionaries. When given a plain text file containing words (one word per line, or space-separated), it performs several transformations:
1. Converts all characters within each word to lowercase.
2. Removes any non-alphabetic characters from the words.
3. Filters out duplicate words.
4. Sorts the resulting unique, lowercase, alphabetic words alphabetically.

This formatted output is a crucial intermediate step. The cleaned and normalized word list generated by cracklib-format is then typically fed into cracklib-packer, which converts it into the binary dictionary files (e.g., .hwm, .pwi, .pwd) that cracklib-check uses to validate the strength of user-chosen passwords.

cracklib-format is designed to work primarily with ASCII word lists; its behavior with Unicode characters may not be as expected and might lead to unexpected filtering or corruption. The command aggressively filters words, keeping only alphabetic characters and converting them to lowercase. This means any numbers, symbols, or mixed-case variations present in the original word list will be lost, which might not be desirable for all dictionary use cases. The output is always sorted alphabetically and contains only unique entries, meaning all duplicates are removed.

By default, cracklib-format reads its word list input from standard input (stdin). If one or more file arguments are provided on the command line, it reads from those files consecutively. The processed, formatted word list is then written to standard output (stdout). This design facilitates its use in pipelines, allowing for seamless integration with other commands, for example:
cat my_raw_words.txt | cracklib-format > my_formatted_words.txt

cracklib-format represents the first essential step in building custom cracklib dictionaries from scratch. The typical workflow for creating and deploying a new dictionary involves:
1. Acquiring a raw word list (e.g., from a plain text file).
2. Running this raw list through cracklib-format to clean and normalize it.
3. Feeding the formatted output into cracklib-packer, which compresses and indexes the words into the binary dictionary files required by cracklib.
4. Finally, placing these binary dictionary files in the appropriate system location for cracklib-check and other password validation services to utilize.

The cracklib library, along with its associated utilities such as cracklib-format, was initially developed by Alec Muffett. It was conceived as a robust mechanism to enhance system security by preventing users from selecting easily guessable or commonly known weak passwords. Since its inception, cracklib has become a widely adopted component in Unix-like operating systems, serving as a fundamental tool for enforcing stronger password policies.

cracklib-check(1), cracklib-packer(8), cracklib(7)