FreeBSD manual

download PDF document: FascistCheck.3.pdf

CRACKLIB(3) FreeBSD Library Functions Manual CRACKLIB(3)
NAME FascistCheck - check a potential password for guessability
LIBRARY Cracklib (libcrack, -lcrack)
SYNOPSIS #include <packer.h>
char *FascistCheck(char *pw, char *dictpath)
DESCRIPTION CrackLib is a library containing a C function which may be used in a passwd(1)-like program.
The idea is simple: try to prevent users from choosing passwords that could be guessed by Crack by filtering them out, at source.
FascistCheck() takes two arguments:
pw a string containing the user's chosen "potential password"
dictpath the full path name of the CrackLib dictionary, without the suffix
CrackLib is an offshoot of the the version 5 Crack software, and contains a considerable number of ideas nicked from the new software.
CrackLib makes literally hundreds of tests to determine whether you've chosen a bad password.
o It tries to generate words from your username and gecos entry to try to match them against what you've chosen. o It checks for simplistic patterns. o It then tries to reverse-engineer your password into a dictionary word, and searches for it in your dictionary.
After all that, it's probably a safe(-ish) password.
RETURN VALUE FascistCheck() returns the NULL pointer for a good password or a pointer to a diagnostic string if it is a bad password.
BUGS It can't catch everything. Just most things.
It calls getpwuid(getuid()) to look up the user, which may affect poorly written programs.
Using more than one dictionary file, e.g.:
char *msg;
if (msg = FascistCheck(pw, "onepath") || msg = FascistCheck(pw, "anotherpath")) { printf("Bad Password: because %s\n", msg); }
SEE ALSO passwd(1), getpwuid(3),
CRACKLIB(3)