Recipe 9.2 Testing Login Passwords (CrackLib)

9.2.1 Problem

You want assurance that your login passwords are secure.

9.2.2 Solution

Write a little program that calls the FascistCheck function from CrackLib:

#include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <crack.h> #define DICTIONARY "/usr/lib/cracklib_dict" int main(int argc, char *argv[]) {         char *password;         char *problem;         int status = 0;         printf("\nEnter an empty password or Ctrl-D to quit.\n");         while ((password = getpass("\nPassword: ")) != NULL && *password ) {                 if ((problem = FascistCheck(password, DICTIONARY)) != NULL) {                         printf("Bad password: %s.\n", problem);                         status = 1;                 } else {                         printf("Good password!\n");                 }         }         exit(status); }

Compile and link it thusly:

$ gcc cracktest.c -lcrack -o cracktest

Run it (the passwords you type will not appear on the screen):

$ ./cracktest Enter an empty password or Ctrl-D to quit. Password: xyz Bad password: it's WAY too short. Password: elephant Bad password: it is based on a dictionary word. Password: kLu%ziF7 Good password!

9.2.3 Discussion

CrackLib is an offshoot of Alec Muffet's password cracker, Crack. It is designed to be embedded in other programs, and hence is provided only as a library (and dictionary). The FascistCheck function subjects a password to a variety of tests, to ensure that it is not vulnerable to guessing.

9.2.4 See Also

Learn more about CrackLib at http://www.crypticide.org/users/alecm.

Perl for System Administration (O'Reilly), section 10.5, shows how to make a Perl module to use CrackLib.

PAM can use CrackLib to force users to choose good passwords. [Recipe 4.2]



Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net