Recipe 9.2 Testing Login Passwords (CrackLib)

9.2.1 Problem

You want assurance that your login passwords are secure.

9.2.2 Solution

Write a little program that calls the FascistCheck function from CrackLib:

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <crack.h>
#define DICTIONARY "/usr/lib/cracklib_dict"
int main(int argc, char *argv[]) {
        char *password;
        const char *problem;    /* reason for rejection, or NULL if acceptable */
        int status = 0;         /* becomes 1 if any password was rejected */
        printf("\nEnter an empty password or Ctrl-D to quit.\n");
        /* getpass reads from the terminal with echo turned off */
        while ((password = getpass("\nPassword: ")) != NULL && *password ) {
                if ((problem = FascistCheck(password, DICTIONARY)) != NULL) {
                        printf("Bad password: %s.\n", problem);
                        status = 1;
                } else {
                        printf("Good password!\n");
                }
        }
        exit(status);
}

Compile and link it thusly:

$ gcc cracktest.c -lcrack -o cracktest

Run it (the passwords you type will not appear on the screen):

$ ./cracktest
Enter an empty password or Ctrl-D to quit.
Password: xyz
Bad password: it's WAY too short.
Password: elephant
Bad password: it is based on a dictionary word.
Password: kLu%ziF7
Good password!

9.2.3 Discussion

CrackLib is an offshoot of Alec Muffett's password cracker, Crack. It is designed to be embedded in other programs, and hence is provided only as a library (and dictionary). The FascistCheck function subjects a password to a variety of tests, to ensure that it is not vulnerable to guessing.
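To make "a variety of tests" concrete, the following is an added sketch, not CrackLib's code and not part of the original recipe. It is a simplified stand-in that shows why small changes to a dictionary word still fail. The function toy_check, the four-word list, the thresholds, and every message other than the two seen in the sample run are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample word list; CrackLib ships its own, much larger dictionary. */
static const char *WORDS[] = { "elephant", "password", "dragon", "secret" };

/* Lowercase src into dst, dropping leading/trailing non-letters
 * ("Elephant1!" becomes "elephant"). */
static void normalize(const char *src, char *dst, size_t cap) {
        size_t start = 0, end = strlen(src), n = 0;
        while (start < end && !isalpha((unsigned char)src[start])) start++;
        while (end > start && !isalpha((unsigned char)src[end - 1])) end--;
        for (size_t i = start; i < end && n + 1 < cap; i++)
                dst[n++] = (char)tolower((unsigned char)src[i]);
        dst[n] = '\0';
}

static int in_wordlist(const char *w) {
        for (size_t i = 0; i < sizeof WORDS / sizeof WORDS[0]; i++)
                if (strcmp(w, WORDS[i]) == 0) return 1;
        return 0;
}

/* Hypothetical checker: returns NULL if the password passes, otherwise a
 * reason string (the same calling convention the recipe uses for FascistCheck). */
const char *toy_check(const char *pw) {
        char norm[64], rev[64];
        int seen[256] = {0}, distinct = 0;
        size_t len = strlen(pw), n;

        /* Cheap structural tests first (thresholds are assumed values). */
        if (len < 4) return "it's WAY too short";
        if (len < 6) return "it is too short";
        for (size_t i = 0; i < len; i++)
                if (!seen[(unsigned char)pw[i]]++) distinct++;
        if (distinct < 5) return "it does not contain enough different characters";

        /* Dictionary tests on the normalized form and on its reversal. */
        normalize(pw, norm, sizeof norm);
        n = strlen(norm);
        for (size_t i = 0; i < n; i++) rev[i] = norm[n - 1 - i];
        rev[n] = '\0';
        if (in_wordlist(norm)) return "it is based on a dictionary word";
        if (in_wordlist(rev)) return "it is based on a reversed dictionary word";
        return NULL;
}
```

With this sketch, "Elephant1!" and "tnahpele" are rejected just as "elephant" is, while the recipe's "kLu%ziF7" passes.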

9.2.4 See Also

Learn more about CrackLib at

Perl for System Administration (O'Reilly), section 10.5, shows how to make a Perl module to use CrackLib.

PAM can use CrackLib to force users to choose good passwords. [Recipe 4.2]
