LinuxCommandLibrary

create-cracklib-dict

Create dictionaries for password strength checking

SYNOPSIS

create-cracklib-dict [FILE...]
create-cracklib-dict < WORDLIST_FILE

DESCRIPTION

The create-cracklib-dict command is a utility used to build or refresh the dictionary files for the CrackLib password strength checking library. It processes one or more word list files (or standard input) and converts them into a highly optimized, indexed database format that CrackLib can quickly search. This dictionary is crucial for CrackLib's function, enabling it to efficiently identify weak passwords that are simple dictionary words or common patterns. The generated dictionary typically resides in /var/lib/cracklib/cracklib_dict.{hwm,pwc,rec} and is subsequently used by tools like cracklib-check to enforce strong password policies on Linux and Unix-like systems. Building a comprehensive dictionary is a fundamental step in deploying effective password security.

CAVEATS

Root Privileges: Requires administrative (root) privileges to write to the default system dictionary location (typically /var/lib/cracklib).
Time Consumption: Processing very large wordlists can be time-consuming and resource-intensive.
Dictionary Size Impact: A larger dictionary lets CrackLib reject more guessable passwords, but an excessively large one can slightly slow password validation checks.
Input Format: Wordlist files must contain one word per line.

DEFAULT DICTIONARY PATH

The dictionary files generated by create-cracklib-dict are typically stored in /var/lib/cracklib/cracklib_dict.{hwm,pwc,rec}. These three files collectively form the compressed and indexed CrackLib dictionary database.

TYPICAL USAGE

A common way to create the dictionary is by piping a standard wordlist to the command, for example:
cat /usr/share/dict/words | create-cracklib-dict
or by specifying multiple files:
create-cracklib-dict /usr/share/dict/words /opt/my_custom_words.txt
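The following added example (not part of the original page or the CrackLib project) checks wordlists against the one-word-per-line input format from CAVEATS, cleans them, and passes the result to create-cracklib-dict as a FILE argument. The function names and sample data are constructed for illustration, and splitting multi-word lines into separate words is a policy choice of this example.

```shell
#!/bin/sh
# Added example: lint and normalize wordlists before building the dictionary.
# All function names here are hypothetical helpers, not CrackLib tools.

# Print counts of lines that break the one-word-per-line format.
lint_wordlist() {
    awk '
        sub(/\r$/, "") { crlf++ }         # Windows (CRLF) line ending
        NF == 0        { blank++; next }  # empty or whitespace-only line
        NF > 1         { multi++ }        # several words on one line
        END { printf "crlf=%d blank=%d multi=%d\n", crlf, blank, multi }
    ' "$1"
}

# Emit one lowercase word per line, de-duplicated, from one or more files.
# Assumption of this example: multi-word lines are split into single words.
normalize_wordlist() {
    cat -- "$@" | tr -d '\r' | tr -s ' \t' '\n\n' |
        tr '[:upper:]' '[:lower:]' | sed '/^$/d' | LC_ALL=C sort -u
}

# Build the dictionary from the cleaned list.
# Needs root for the default location (see CAVEATS).
build_dict() {
    if ! command -v create-cracklib-dict >/dev/null 2>&1; then
        echo "create-cracklib-dict not found" >&2
        return 127
    fi
    clean=$(mktemp) || return 1
    normalize_wordlist "$@" > "$clean" && create-cracklib-dict "$clean"
    rc=$?
    rm -f "$clean"
    return "$rc"
}

# Constructed sample input: CRLF ending, blank line, duplicate entry,
# and two words on one line.
write_sample() {
    printf 'Password\r\nletmein\n\nqwerty dragon\nletmein\n' > "$1"
}
```

Run lint_wordlist on each source file first; non-zero counts show what normalize_wordlist will change before build_dict hands the cleaned list to create-cracklib-dict.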

UNDERLYING MECHANISM

The create-cracklib-dict command is often a shell script wrapper that calls the lower-level utility cracklib-packer. It simplifies the process of creating the dictionary by handling paths and input/output redirection.

HISTORY

The CrackLib suite, including create-cracklib-dict, was primarily developed by Alec Muffett. It emerged as a response to the pervasive issue of weak passwords in computing systems. Its development focused on providing a robust and efficient mechanism for system administrators to enforce stronger password policies. CrackLib quickly became a de-facto standard in Unix and Linux environments, integrated into PAM (Pluggable Authentication Modules) and other authentication mechanisms to prevent users from choosing easily guessable passwords. The command's core function, packing dictionaries, has remained central to its operation since its inception.

SEE ALSO

cracklib-check(1), cracklib-packer(8), cracklib-unpacker(8), passwd(1)
