cracklib2 is a library containing a C function which may be
used in a passwd
like program. The idea is simple: try to prevent users from choosing
passwords that could be guessed by crack by filtering them out, at
source. cracklib2 is not a replacement passwd
program. cracklib2 is a library.
cracklib2 is an offshoot of version 5 of the crack software and contains a
considerable number of ideas nicked from the new software.
cracklib2's home page provides
some links on security publications and access to source code written by
the author of cracklib2. While there is a README there is not much documentation available on
cracklib2. Hopefully this page that I generated for the Debian/GNU Linux distribution will
improved this situation.
One of the most common security weaknesses in computer systems is the use
of easily guessed passwords. cracklib2 tries to prevent the
selection of weak passwords by checking potential passwords against dictionaries of commonly used or easily
Ideally, these checks should be done when a user is setting their
password. None of the packages in the standard Debian distributions are
currently compiled to support cracklib2! There are several
Debian packages that support
cracklib2 to some degree. Hopefully these and future
source packages will be configured and compiled to support
cracklib2 now that this Debian package is available.
I've put together a simple developer's HOW-TO that allows you
to modify the standard distributions to support cracklib2.
This link is only available if you installed the cracklib2-dev