Hello,

I propose to modify the Cracklib page in the BLFS book. It should at least state that there are other wordlists available that can reduce the chance of users choosing a bad password.

Background: with the publicly available wordlists, Cracklib doesn't do its job of blocking dictionary-based passwords in countries with non-Latin-based alphabets. E.g., in Russia, users work around a typical distro Cracklib setup by using Russian words typed using the Latin layout as passwords, and Cracklib doesn't filter these certainly bad passwords out. So instead of using one set of bad passwords, such a setup merely encourages users to choose another set of bad passwords.

The solution is to create a "wordlist" containing such messed words. For Russia, one can download ftp://ftp.ox.ac.uk/pub/wordlists/russian/russian_words.koi8.Z (or, better, a bigger wordlist in the KOI8-R encoding), and convert it to a form suitable for adding to Cracklib with the attached shell script.

zcat russian_words.koi8.Z | convert-layout.sh >messed-russian-words

Verify that the string "gfhjkm" is in messed-russian-words.

Of course the instructions above are too specific for Russia and probably are not suitable for adding to the book, but you get the idea.

--
Alexander E. Patrakov

Attachment: convert-layout.sh
Description: Bourne shell script

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
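
The layout conversion described in the message, as an added example: this is not the attached convert-layout.sh (its contents are not shown here), and the function names are hypothetical. It assumes the standard Russian ЙЦУКЕН layout and a US QWERTY layout, and KOI8-R input with one word per line.

```python
#!/usr/bin/env python3
"""Stdin filter: KOI8-R Russian wordlist -> the same words as typed on US QWERTY."""
import sys

# Lower-case letters of the standard Russian (ЙЦУКЕН) layout, row by row,
# and the US QWERTY characters found on the same physical keys (assumed layouts).
RU_KEYS = "йцукенгшщзхъ" "фывапролджэ" "ячсмитьбю" "ё"
US_KEYS = "qwertyuiop[]" "asdfghjkl;'" "zxcvbnm,." "`"
assert len(RU_KEYS) == len(US_KEYS) == 33
LAYOUT = str.maketrans(RU_KEYS, US_KEYS)


def convert_word(word):
    """Return the key sequence a user types for `word` with the Latin layout active."""
    return word.lower().translate(LAYOUT)


def convert_wordlist(raw, encoding="koi8_r"):
    """Decode a one-word-per-line list and return sorted, unique converted words."""
    out = set()
    for line in raw.decode(encoding).splitlines():
        word = line.strip()
        typed = convert_word(word)
        # Skip blanks and entries with no Cyrillic letters (nothing was remapped).
        if word and typed != word.lower():
            out.add(typed)
    return sorted(out)


if __name__ == "__main__":
    words = convert_wordlist(sys.stdin.buffer.read())
    sys.stdout.buffer.write("".join(w + "\n" for w in words).encode("utf-8"))
```

Saved under a name such as convert_layout.py (hypothetical), it takes the place of the script in the pipeline above: zcat russian_words.koi8.Z | python3 convert_layout.py >messed-russian-words. Some letters sit on punctuation keys, so converted words can contain characters such as "[" or ",".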