Your message dated Fri, 27 Jan 2012 15:47:15 +0000
with message-id <[email protected]>
and subject line Bug#657464: fixed in cracklib2 2.8.18-4
has caused the Debian Bug report #657464,
regarding libcrack2: Please add check against "The Top 500 Worst Passwords of
All Time"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
657464: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657464
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libcrack2
Version: 2.8.18-3
Severity: wishlist
Tags: upstream
Hi,
I think this is more a wishlist bug addressed at upstream, but anyway:
There is a list available [1] that contains the 500 worst (i.e. most often
used) passwords of all time. It contains a lot of obvious ones (and maybe
misses some of the *too* obvious ones) and also some that pass the regular
cracklib tests but are bad because they contain obvious references (to music,
movies, etc.).
It would be nice of the FascistCheck() function of libcrack2 could be extended
to look up the given password in this list of 500 rather early and error out if
it's found.
Please tell me what you think about it and if you would accept a patch.
- Fabian
[1] http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (501, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.1.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcrack2 depends on:
ii libc6 2.13-24
ii zlib1g 1:1.2.5.dfsg-1
Versions of packages libcrack2 recommends:
ii cracklib-runtime 2.8.18-3
libcrack2 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: cracklib2
Source-Version: 2.8.18-4
We believe that the bug you reported is fixed in the latest version of
cracklib2, which is due to be installed in the Debian FTP archive:
cracklib-runtime_2.8.18-4_amd64.deb
to main/c/cracklib2/cracklib-runtime_2.8.18-4_amd64.deb
cracklib2_2.8.18-4.debian.tar.gz
to main/c/cracklib2/cracklib2_2.8.18-4.debian.tar.gz
cracklib2_2.8.18-4.dsc
to main/c/cracklib2/cracklib2_2.8.18-4.dsc
libcrack2-dev_2.8.18-4_amd64.deb
to main/c/cracklib2/libcrack2-dev_2.8.18-4_amd64.deb
libcrack2_2.8.18-4_amd64.deb
to main/c/cracklib2/libcrack2_2.8.18-4_amd64.deb
python-cracklib_2.8.18-4_amd64.deb
to main/c/cracklib2/python-cracklib_2.8.18-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jan Dittberner <[email protected]> (supplier of updated cracklib2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 27 Jan 2012 15:38:32 +0100
Source: cracklib2
Binary: libcrack2 libcrack2-dev cracklib-runtime python-cracklib
Architecture: source amd64
Version: 2.8.18-4
Distribution: unstable
Urgency: low
Maintainer: Jan Dittberner <[email protected]>
Changed-By: Jan Dittberner <[email protected]>
Description:
cracklib-runtime - runtime support for password checker library cracklib2
libcrack2 - pro-active password checker library
libcrack2-dev - pro-active password checker library - development files
python-cracklib - Python bindings for password checker library cracklib2
Closes: 657464
Changes:
cracklib2 (2.8.18-4) unstable; urgency=low
.
[ Fabian Greffrath ]
* Extend the tiny example wordlist included with the cracklib package
itself with the words from the list of "The Top 500 Worst Passwords
of All Time" [1], modulo the ones that fail the regular cracklib tests
anyway (Closes: 657464).
[1] <http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time>
* Move the /usr/share/cracklib/cracklib-small wordlist file from the
libcrack2 to the cracklib-runtime package and install it into
/usr/share/dict. So there will always be at least the tiny example
wordlist to compile a database from, even if no other package providing
a wordlist (though recommended) is installed.
* Do not install the /usr/share/cracklib/cracklib.magic file anymore.
It was installed in the wrong location anyway and the file(1) tool
is able to independently detect cracklib databases since at least 2005.
* Remove config.h.in in the clean rule in debian/rules,
fixes FTBFS twice in a row.
.
[ Jan Dittberner ]
* update patch debian/patches/top-500-worst-passwords.patch to add
additional words suggested by Fabian to dicts/cracklib-small
Checksums-Sha1:
3aa7212eeb1aff405d73259c624326371233a888 2176 cracklib2_2.8.18-4.dsc
1d0db34d9d25d37b23a50e46f144b97093ab84ca 29630 cracklib2_2.8.18-4.debian.tar.gz
134103896c0ac8b31644548d1976d2a3a1d6dbf0 59674 libcrack2_2.8.18-4_amd64.deb
8ab42da5240b0e1f82fc867e727333ecc160479b 36880 libcrack2-dev_2.8.18-4_amd64.deb
93f6f72b95d939b2140433ba4a5943d4f33eba22 183472
cracklib-runtime_2.8.18-4_amd64.deb
b6016f08d57fd5552128192e0e135bbe9794504e 25694
python-cracklib_2.8.18-4_amd64.deb
Checksums-Sha256:
fa795cb074cc45b06ebfb0c368e4e949ad9a6afc90bee906585c0a98bbf2b170 2176
cracklib2_2.8.18-4.dsc
8eb365cadbe648697ad9af2deb1b5c345273b7b0ea8a21dbbb86ff1acce2fc7a 29630
cracklib2_2.8.18-4.debian.tar.gz
bb4a4c08c1f1da3f75e06e5e83e39eaaefc4c4f859b642b0ce7e0b8fa1d56568 59674
libcrack2_2.8.18-4_amd64.deb
31305fefb1190a7483b6a203e50312d35014868491b434f6edbb126add14e815 36880
libcrack2-dev_2.8.18-4_amd64.deb
b90bdb51a7fdca008675dabca14cf4bfd5b8bcf40e66f013c7e7de835b66b0a4 183472
cracklib-runtime_2.8.18-4_amd64.deb
7c527c8da4e00f01ec269ceb38fa42855ef65a0c4d7df566d9e073a44c4250ab 25694
python-cracklib_2.8.18-4_amd64.deb
Files:
85b3262c44e95b1b82a9d10270b0bd31 2176 libs optional cracklib2_2.8.18-4.dsc
5de4e3698c9cb40da746b492479efad9 29630 libs optional
cracklib2_2.8.18-4.debian.tar.gz
7b6882a1a57e73bc859fa109b28f6215 59674 libs optional
libcrack2_2.8.18-4_amd64.deb
de26cf0c39717ae09e27285714aed67b 36880 libdevel extra
libcrack2-dev_2.8.18-4_amd64.deb
8721c87d907a28e3bd3882a7f2f9ee34 183472 admin optional
cracklib-runtime_2.8.18-4_amd64.deb
8486f73cdb5b78b284634ce0e7aef03b 25694 python optional
python-cracklib_2.8.18-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJPIrhMAAoJEKc+AFVVj7jdDhMP/0+rcUqITTgA56f+Loevm6XQ
MNHI6ZV+rSKP51F0UxfogMblCIEPHiQrAhK7aVHMqN2VzPcgSLRe0BO337ERzb/I
IsrF5fgkIlKLEiZjA8RfTyVclUteNLmEt4WHLDhIfEqLiTtQoVLzG+m6/ORQrvyo
kLuRennJ2ie4BLuIbEafXjQ14rkG5XwbYckk61YlUx4LIqCI9IMs1MsTW12FPMD5
PUqvkgMc5LEu2iE/B42xr6BexrD3i8kmgrxm9twSFwW2MXahWNCj8K8BvwBlhE9q
NwVaUKjb5QyLgZgq02TPbo/zNizGz/EajCg+WoB3s9e9fDW3pFVr0QV/dMF6ovz3
p1jlnFhSgTIbmENBNX3QOil7GoxAzlr7yl2DVNJnkRRWtiHr5OoeXZ/X5iyrkPZ+
58hS+eY5po7T+6Vpi1ROHqBfg21AweZMcz/E2Dxy0JHebU6/b+IOizX8/a5iMGjJ
DHZtxgkkWCDp/7sOR3lNYraITqwCYw26iubHeusOoWRLonfTBCiyvGw6Vykiigdj
EB2OQT4INMEi60c99oNQNsRtoys3tG04D8UmtUtFprs0vUvJiLfeGQ1zz0TYUE4V
H6e18FJPjhC0ffr8qU7yp0+OxFUSIJmGF+fRcDRFu6/3cQ1Ix9yE5sMEyN2xkA/p
mWN1WUYatcd+S9BwNf2h
=8yUx
-----END PGP SIGNATURE-----
--- End Message ---
