r4904 - trunk/BOOK/postlfs/security

randy at linuxfromscratch.org
Tue Aug 9 17:33:23 PDT 2005

Author: randy
Date: 2005-08-09 18:33:22 -0600 (Tue, 09 Aug 2005)
New Revision: 4904

Modified the CrackLib instructions to use some contributed text from Alex and provided additional word lists and instructions

Modified: trunk/BOOK/postlfs/security/cracklib.xml
--- trunk/BOOK/postlfs/security/cracklib.xml	2005-08-09 20:35:15 UTC (rev 4903)
+++ trunk/BOOK/postlfs/security/cracklib.xml	2005-08-10 00:33:22 UTC (rev 4904)
@@ -61,24 +61,41 @@
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
-        <para>Recommended word list (size: &crackdict-size;;
-        md5sum: &crackdict-md5sum;): <ulink url="&crackdict-download;"/></para>
+        <para>Recommended word list for English-speaking locales (size:
+        &crackdict-size;; md5sum: &crackdict-md5sum;):
+        <ulink url="&crackdict-download;"/></para>
+        <para>Additional word lists:
+        <ulink url="http://www.cotse.com/tools/wordlists.htm"/></para>
+      </listitem>
+      <listitem>
         <para>Required patch to create a library used with the Heimdal
         Kerberos 5 package: <ulink
-    <!-- <para>You will also need to download a wordlist for use with
-    <application>cracklib</application>. There are two wordlists
-    to choose from at the following location.  Use the
-    <filename>cracklib</filename> word list for good security, or
-    opt for the <filename>allwords</filename> word list for
-    lightweight machines short on RAM. You can of course choose
-    any other word list that you have at your disposal.</para> -->
+    <important>
+      <para>Users tend to base their passwords on regular words of the spoken
+      language, and crackers know that. <application>CrackLib</application> is
+      intended to filter out such bad passwords at the source using a
+      dictionary created from word lists. To accomplish this, the word list(s)
+      for use with <application>CrackLib</application> must be an exhaustive
+      list of words and word-based keystroke combinations likely to be chosen
+      by users of the system as (guessable) passwords.</para>
+      <para>The default word list recommended above for downloading mostly
+      satisfies this role in English-speaking countries. In other situations,
+      it may be necessary to download (or even create) additional word
+      lists.</para>
+      <para>Note that word lists suitable for spell-checking are not usable
+      as <application>CrackLib</application> word lists in countries with
+      non-Latin based alphabets, because of <quote>word-based keystroke
+      combinations</quote> that make bad passwords.</para>
+    </important>
   <sect2 role="installation">
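Review bot: The added "Additional word lists" entry links to http://www.cotse.com/tools/wordlists.htm with no size or md5sum, while the recommended list directly above it carries both (&crackdict-size; and &crackdict-md5sum;). The book cannot give checksums for files behind a third-party index page, so the entry should say that those lists are not verified by the book. In the <important> block, the last paragraph relies on the quoted phrase "word-based keystroke combinations" without defining it; one sentence saying what such a combination is for a non-Latin alphabet would make it clear why spell-checking lists fall short. The first paragraph's "must be an exhaustive list" also sets a bar that the next paragraph walks back with "mostly satisfies"; wording such as "as complete as possible" would keep the two consistent.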
@@ -101,8 +118,14 @@
 <screen role="root"><userinput>make install &&
 mv -v /usr/lib/libcrack.so.2* /lib &&
-ln -v -sf ../../lib/libcrack.so.2.8.0 /usr/lib/libcrack.so &&
-install -v -m644 -D ../cracklib-words.gz \
+ln -v -sf ../../lib/libcrack.so.2.8.0 /usr/lib/libcrack.so</userinput></screen>
+    <para>The following commands can be used to install the recommended word
+    list. Other word lists (text based, one word per line) can also be used by
+    simply installing them into
+    <filename class='directory'>/usr/share/dict</filename>.</para>
+<screen role="root"><userinput>install -v -m644 -D ../cracklib-words.gz \
     /usr/share/dict/cracklib-words.gz &&
 gunzip -v /usr/share/dict/cracklib-words.gz &&
 ln -v -s cracklib-words /usr/share/dict/words &&
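Review bot: The new paragraph says other word lists can be used "by simply installing them into /usr/share/dict", but the Command Explanations change in this same commit tells the reader to modify the create-cracklib-dict command to add them, so copying a file into that directory is not sufficient on its own. Reword the paragraph to say that an extra list must be installed and then named in the dictionary-creation command. It would also help to state whether extra lists must be uncompressed, since the recommended list is gunzipped right after installation and the paragraph only says "text based, one word per line".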
@@ -152,7 +175,8 @@
     names, etc.</para>
     <para><command>create-cracklib-dict ...</command>: This command creates the
-    <application>CrackLib</application> dictionary from the word lists.</para>
+    <application>CrackLib</application> dictionary from the word lists. Modify
+    the command to add any additional word lists you have installed.</para>
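Review bot: The added sentence "Modify the command to add any additional word lists you have installed" does not say how, and the explanation shows the command only as "create-cracklib-dict ...", so the reader cannot tell where the extra file names go. Show the command once with a second word list as an example, or spell out the position of the extra arguments. The instruction also sits in Command Explanations, which the reader reaches after running the command; a pointer from the installation paragraph that introduces the word-list commands would keep a dictionary from being built without the extra lists.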
