BLAG Forums
It is currently Sun Nov 29, 2015 10:36 am

All times are UTC

Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Sun Jul 27, 2008 1:25 am 

Joined: Mon Mar 27, 2006 11:05 pm
Posts: 286 ... f5a260.png

how does it do it?
i mean i understand the part about min chars, some chars and some numbers requirements as those can be put into some logic.
but matching the pass to a dictionary? - how does anaconda actually know that this is a dictionary word, it has it's own dictionary stashed somewhere in the background or what?

Last edited by gr00ve on Tue Aug 05, 2008 10:53 am, edited 1 time in total.

 Post subject:
PostPosted: Sun Jul 27, 2008 10:57 am 
Site Admin

Joined: Wed Mar 17, 2004 6:17 pm
Posts: 1340
Location: London, UK
where you connected to the net at the time. Maybe /*guess*/ that it connects to a server where it checks a dictionary? I think a "tiny shell" like nash or busybox could be running at the time and anaconda called a script to be run from that shell. During installations I hit <ctrl><alt><fnX> to get a vt and see what's going on.

BLAG 'em up!

 Post subject:
PostPosted: Sun Jul 27, 2008 2:53 pm 
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
It *definitely* doesn't connect to the net to check passwords. John's on a roll.

It uses cracklib, i assume.

Name        : cracklib                     Relocations: (not relocatable)
Version     : 2.8.12                            Vendor: Fedora Project
Release     : 2                             Build Date: Wed 20 Feb 2008 04:23:42 AM MST
Install Date: Mon 05 May 2008 10:51:47 PM MDT      Build Host:
Group       : System Environment/Libraries   Source RPM: cracklib-2.8.12-2.src.rpm
Size        : 110453                           License: GPLv2
Signature   : DSA/SHA1, Thu 10 Apr 2008 07:49:44 AM MDT, Key ID b44269d04f2a6fd2
Packager    : Fedora Project
URL         :
Summary     : A password-checking library
Description :
CrackLib tests passwords to determine whether they match certain
security-oriented characteristics, with the purpose of stopping users
from choosing passwords that are easy to guess. CrackLib performs
several tests on passwords: it tries to generate words from a username
and gecos entry and checks those words against the password; it checks
for simplistic patterns in passwords; and it checks for the password
in a dictionary.

CrackLib is actually a library containing a particular C function
which is used to check the password, as well as other C
functions. CrackLib is not a replacement for a passwd program; it must
be used in conjunction with an existing passwd program.

Install the cracklib package if you need a program to check users'
passwords to see if they are at least minimally secure. If you install
CrackLib, you will also want to install the cracklib-dicts package.

 Post subject:
PostPosted: Mon Jul 28, 2008 12:02 am 

Joined: Mon Mar 27, 2006 11:05 pm
Posts: 286
thanks, i've found the dictionary in cracklib

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC

Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group