Commit 01315aa9 authored by Jan Dittberner's avatar Jan Dittberner

Imported Upstream version 2.8.15

parent c126aafd
This diff is collapsed.
Nathan Neulinger <>
version 3.0 modifications and new release
Alec Muffett <>
Original CrackLib author for releases up to v2.7
Numerous others has provided patches included in both this and
previous releases.
This diff is collapsed.
Installation Instructions
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004 Free
Software Foundation, Inc.
This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. (Caching is
disabled by default to prevent problems with accidental use of stale
cache files.)
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `' (or `') is used to create
`configure' by a program called `autoconf'. You only need
`' if you want to change it or regenerate `configure' using
a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
Some systems require unusual options for compilation or linking that the
`configure' script does not know about. Run `./configure --help' for
details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not support the `VPATH'
variable, you have to compile the package for one architecture at a
time in the source code directory. After you have installed the
package for one architecture, use `make distclean' before reconfiguring
for another architecture.
Installation Names
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PREFIX'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PREFIX', the package will
use PREFIX as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
There may be some features `configure' cannot figure out automatically,
but needs to determine by the type of machine the package will run on.
Usually, assuming the package is built to be run on the _same_
architectures, `configure' can figure that out, but if it prints a
message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
where SYSTEM can have one of these forms:
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the `--target=TYPE' option to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
If you want to set default values for `configure' scripts to share, you
can create a site shell script called `' that gives default
values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/' if it exists, then
`PREFIX/etc/' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
will cause the specified gcc to be used as the C compiler (unless it is
overridden in the site shell script).
`configure' Invocation
`configure' recognizes the following options to control how it operates.
Print a summary of the options to `configure', and exit.
Print the version of Autoconf used to generate the `configure'
script, and exit.
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
Alias for `--cache-file=config.cache'.
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
SUBDIRS = m4 lib util po doc python dicts
EXTRA_DIST = config.rpath mkinstalldirs \ \ \
@echo =======================================================
@echo Be sure and obtain a large wordlist file and run
@echo 'make install' and 'make dict' to generate the word
@echo list index file. See the README file for more details.
@echo =======================================================
test: all
@echo =======================================================
@echo If you get an error when running 'make test' about a
@echo missing pw_dict.pwd file, that indicates that the word
@echo list dictionary file has not been built. You need to
@echo at least run 'make install' and 'make dict' to install
@echo the dictionay. See the README file for more details.
@echo =======================================================
util/cracklib-check < test-data
dict: all
if test "x$(CROSS_COMPILING)" = "xno" ; then \
export PATH="$(top_builddir)/util:$$PATH" ; \
export LD_LIBRARY_PATH="$(top_builddir)/lib/.libs:$$LD_LIBRARY_PATH" ; \
fi ; \
create-cracklib-dict "$(srcdir)"/dicts/*
dict-local: all
if test "x$(CROSS_COMPILING)" = "xno" ; then \
export PATH="$(top_builddir)/util:$$PATH" ; \
export LD_LIBRARY_PATH="$(top_builddir)/lib/.libs:$$LD_LIBRARY_PATH" ; \
fi ; \
cracklib-format "$(srcdir)"/dicts/* | cracklib-packer $(DESTDIR)/$(DEFAULT_CRACKLIB_DICT)
This diff is collapsed.
v2.8.15 allow building of Python extension outside source folder (Jan Dittberner)
fix type on Python extension's trove classifier
reflect license change discussion that was never actually implemented in the repository and update to LGPL
v2.8.14 Added Assamese translation (Amitakhya Phukan)
Added Bengali India translation (Runa Bhattacharjee)
Added Gujarati translation (Ankit Patel)
Added Kannada translation (shankysringeri)
Added Malayalam translation (Ani Peter)
Added Marathi translation (Sandeep Shedmake)
Added Oriya translation (Manoj Giri)
Added Russian translation (Anton Dobkin)
Added Tamil translation (I. Felix)
Added Telugu translation (Krishna Babu)
Updated Polish translation (Piotr Drąg)
Updated Panjabi translation (A S Alam)
optimize order of commands in util/cracklib-format (Jan Dittberner, Debian)
fix several CC warnings (Jan Dittberner, Debian)
add a function GetDefaultCracklibDict() to libcrack
bump library revision
add python/ to allow building eggs
v2.8.13 Compressed dictionary support and better python module
v2.8.11 Better create-cracklib-dict helper script (Mike Frysinger)
v2.8.10 Patch for better hanlding of cracklist dictionary paths in python binding. (Nalin Dahyabhai)
v2.8.8 Some shell quoting fixups for build scripts (Mike Frysinger)
v2.8.7 Add support for NLS builds on FreeBSD
v2.8.6 Add some sanity checkng to auto* script calls. (Mike Frysinger)
Add support for cross compiling with a local dictionary
Add a configure option to control default dictionary path
Adjustments to prototypes to use const, and more language support. (Thorsten Kukuk <>)
v2.8.5 Patches for python build and missing config.rpath
v2.8.4 Patches for mod_php build issues
Full localization of strings thanks to Thorsten Kukuk.
Patches for python binding support thanks to Nalin Dahyabhai
v2.8.3 Deal with integer type and header portability issues
v2.8.2 Check for LINE_MAX, cygwin workaround (sf patch #125964, Jürgen)
Fix a buffer overflow in packlib file handling (not a security issue)
patch provided as #126097 by Jürgen
v2.8.1 Install packer.h, php needs it, and address prototypes
v2.8 new package, auto'ified with libtool and numerous bug fixes, forked
from original v2.7 distribution with the approval of the author
v2.7 mkdict/tr problem eliminated;
misc fixes suggested by Andrey Savochkin <> (with thanks)
v2.6 buffer overflow problems addressed - 1st attempt
permutations of fascist deconstructors fixed/enhanced
v2.5 added decent info to the "shadow" directory patches.
v2.4 forwarded to ch & jfh3 for beta testing/comments
v2.3- internal beta test versions
This diff is collapsed.
How does the DAWG dictionary-compression algorithm work?
Essentially it is a preprocessor for gzip that removes redundancy from a sorted list of words, and typically shrinks an input wordlist by some 50% without negatively impacting gzip's ability to further compress the file.
In the new version of the DAWG code - slightly improved over the version that ships with Crack v5.0, but fundamentally the same - all you need do is:
1. sort the wordlist into normal Unix order. (beware localization!)
2. for each word that the DAWG preprocessor reads...
3. count how many leading characters it shares with the previous word that was read...
4. encode that number as a character from the set [0-9A-Za-z] for values 0..61 (if the value is >61 then stop there)
5. print said character (the encoded number) and the remaining stem of the word
6. end-for-loop
compresses to:
#!xdawg magic header
0foo first word has no letters in common with anything
3t next has three letters in common, and a 't'
4le "foot" + "le"
1ubar "f" + "ubar"
3 "fub" + "" => truncation
0grunt back to nothing in common
Inspiration for using DAWG in Crack came from Paul Leyland back in the early 1990s, who mentioned something similar being used to encode dictionaries for crossword-puzzle solving programs; we continue to be astonished at how effective DAWG is on sorted inputs without materially impacting subsequent compression (ie: gzip); a gzipped-DAWG file is also typically about 50% of the size of the gzipped non-DAWGed file.
Just goes to prove that knowledge of the sort of input you'll be dealing with, can beat a general-purpose program hands-down; there are also interesting conclusions that can be drawn regarding the entropy of human languages after sorting.
This diff is collapsed.
A tiny example wordlist is included with the cracklib package
itself. A very large dictionary suitable for use with cracklib
is also available from the cracklib sourceforge download page.
Other sources for word lists include:
Please note, the licenses on some of those word lists are
restrictive, so please read the licenses before redistributing them.
The cracklib-words distribution from the cracklib sourceforge
project page has been built solely from word lists previously
distributed with cracklib or crack packages and/or public
domain word lists.
For best results, supply cracklib with as large a wordlist as you
have available to you - blackhats brute forcing passwords have those
same lists, might as well use it to benefit your security.
This diff is collapsed.
#!/bin/sh -x
# This script runs commands necessary to generate a Makefile for libgif.
#echo "Warning: This script will run configure for you -- if you need to pass"
#echo " arguments to configure, please give them as arguments to this script."
srcdir=`dirname $0`
test -z "$srcdir" && srcdir=.
cd $srcdir
aclocal -I m4 || exit 1
autoheader || exit 1
libtoolize --automake --copy || exit 1
automake --add-missing --copy || exit 1
autoconf || exit 1
automake || exit 1
# I hate that...
#$srcdir/configure $*
exit 0
This diff is collapsed.
/* Generated from by autoheader. */
/* Define to 1 if translation of program messages to the user's native
language is requested. */
/* Define if the GNU dcgettext() function is already present or preinstalled.
/* Define to 1 if you have the <dlfcn.h> header file. */
/* Define to 1 if you have the <fcntl.h> header file. */
/* Define to 1 if you have the `getpwuid_r' function. */
/* Define if the GNU gettext() function is already present or preinstalled. */
/* Define if you have the iconv() function. */
/* Define to 1 if you have the <inttypes.h> header file. */
/* Define to 1 if you have the <memory.h> header file. */
/* Define to 1 if you have the <pthread.h> header file. */
/* Define to 1 if you have the <stdint.h> header file. */
/* Define to 1 if you have the <stdlib.h> header file. */
/* Define to 1 if you have the `strdup' function. */
/* Define to 1 if you have the <strings.h> header file. */
/* Define to 1 if you have the <string.h> header file. */
/* Define to 1 if you have the <sys/stat.h> header file. */
/* Define to 1 if you have the <sys/types.h> header file. */
/* Define to 1 if you have the <unistd.h> header file. */
/* Define to 1 if you have the <zlib.h> header file. */
#undef HAVE_ZLIB_H
/* Name of package */
#undef PACKAGE
/* Define to the address where bug reports for this package should be sent. */
/* Define to the full name of this package. */
/* Define to the full name and version of this package. */
/* Define to the one symbol short name of this package. */
/* Define to the version of this package. */
/* Define to 1 if you have the ANSI C header files. */
/* Version number of package */
#undef VERSION
/* Define to 1 if the X Window System is missing or not being used. */
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
dnl Process this file with autoconf to produce a configure script.
AM_INIT_AUTOMAKE(cracklib, 2.8.15)
dnl Set of available languages.
ALL_LINGUAS="as bn_IN cs da de el es fi fr gu hu it ja kn lt nb nl ml mr or pa pl pt_BR pt ru sl_SI sk ta te tr zh_CN zh_TW"
dnl Checks for programs.
AC_CHECK_HEADERS(zlib.h, AC_DEFINE(HAVE_ZLIB_H, [], [found zlib]))
AC_SEARCH_LIBS(gzopen, z)
dnl Cygwin workaround
[#include <limits.h>
#ifdef LINE_MAX
], line_max_defined=yes, line_max_defined=no)
if test "$line_max_defined" = "no"; then
dnl Checks for typedefs, structures, and compiler characteristics.
dnl Check for utility functions that may need to be replaced
dnl internationalization macros
dnl Control default dictname
AC_MSG_CHECKING(default dict filename)
AC_HELP_STRING(--with-default-dict,[Specify default dict filename]),
AC_SUBST(DEFAULT_CRACKLIB_DICT, $default_cracklib_dict)
dnl Check for python, unless we were told to not try to build a python module
AC_HELP_STRING(--without-python,[Build a python module @<:@default=auto@:>@]),
if test "$build_python" != no ; then
[if test "$build_python" != yes ; then
AC_MSG_WARN([python was not found, continuing])
AC_MSG_ERROR([python was required but not found])
if test "$build_python" != no ; then
[if test "$build_python" != yes ; then
AC_MSG_WARN([python headers not found, continuing])
AC_MSG_ERROR([python headers not found])
if test "$build_python" != no ; then
AM_CONDITIONAL(BUILD_PYTHON,[test "$build_python" = "yes"])
dnl Handle local dict compiling properly
AC_SUBST(CROSS_COMPILING, $cross_compiling)
AC_OUTPUT(util/Makefile lib/Makefile doc/Makefile python/Makefile Makefile \
python/ \
po/ m4/Makefile dicts/Makefile cracklib.spec)
%define root crack
%define maj 2
%define libname %mklibname %root %maj
%define libnamedev %libname-devel
Summary: A password strength-checking library.
Name: cracklib
Version: @VERSION@
Release: 1
Group: System/Libraries
Source: cracklib-%{version}.tar.gz
Source1: cracklib-words.gz
License: GPL
Buildroot: %{_tmppath}/%{name}-root
CrackLib tests passwords to determine whether they match certain
security-oriented characteristics. You can use CrackLib to stop
users from choosing passwords which would be easy to guess. CrackLib
performs certain tests:
* It tries to generate words from a username and gecos entry and
checks those words against the password;
* It checks for simplistic patterns in passwords;
* It checks for the password in a dictionary.
CrackLib is actually a library containing a particular
C function which is used to check the password, as well as
other C functions. CrackLib is not a replacement for a passwd
program; it must be used in conjunction with an existing passwd
Install the cracklib package if you need a program to check users'
passwords to see if they are at least minimally secure. If you
install CrackLib, you'll also want to install the cracklib-dicts
%package -n %libname
Summary: A password-checking library.
Group: System/Libraries
Provides: lib%{root}-devel %{root}-devel = %{version}-%{release}
Obsoletes: cracklib
%description -n %libname
%package dicts
Summary: The standard CrackLib dictionaries.
Group: System/Libraries
%description dicts
The cracklib-dicts package includes the CrackLib dictionaries.
CrackLib will need to use the dictionary appropriate to your system,
which is normally put in /usr/share/dict/words. Cracklib-dicts also contains
the utilities necessary for the creation of new dictionaries.
If you are installing CrackLib, you should also install cracklib-dicts.
%package -n %libnamedev
Summary: Cracklib link library & header file
Group: Development/C
Provides: lib%{root}-devel %{root}-devel = %{version}-%{release}
Provides: %{root}lib-devel = %{version}-%{release}
Requires: %{libname} = %{version}-%{release}
Obsoletes: cracklib-devel
%description -n %libnamedev
The cracklib devel package include the needed library link and
header files for development.