From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20041005

Description of problem:
When entering a passwd to the passwd program, the program returns the message:
BAD PASSWORD: it is based on a dictionary word
For example, with the passwd kgf08p that message is returned. This passwd has all consonants and 2 numbers. What word could it be based on? This has happened to me on other passwds unrelated to words.
lkd45j returns: Bad passwd: is too simple.
fgk08p returns: Bad passwd: based on a (reversed) dictionary word.
It is frustrating. What rules are being used? They seem screwy.

Version-Release number of selected component (if applicable):
passwd-0.69-2

How reproducible:
Always

Steps to Reproduce:
1. passwd
2. Current unix passwd:
3. New passwd: fgk08p

Actual Results: Bad passwd: based on a (reversed) dictionary word.

Expected Results: Passwd would be accepted and a request to enter it again

Additional info:
The "too simple" is configurable by setting appropriate options to pam_cracklib in /etc/pam.d/system-auth. The dictionary check is done by the cracklib library. Generally it can be said that 6-letter passwords are too short.
I am not so concerned with a 6-character passwd being too short. My real concern is the claim that it is based on a dictionary word. This is not just one passwd but every passwd I have tried. Now the passwd fgk08p is not based on any word I know, so something is wrong with the algorithm. And it is very annoying if I am trying to explain to 1000 students how to make an acceptable passwd.
The dictionary check does character substitutions and so on, so for the password to pass it has to be different in more than x characters than any word in the dictionary. The actual x value is in the cracklib sources, and if it's for example 4, then basically no 6-letter password can pass the check. Feel free to reopen the bug and reassign it to cracklib; however, I don't think the algorithm or the x value will be changed.
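
The distance rule described in the last comment, as an added illustration that is not part of this thread and is not cracklib's code. It assumes plain Levenshtein distance, a constructed four-word list, and a hypothetical threshold `x`, and compares each candidate with every word forwards and reversed.

```python
# Added illustration of "must differ in more than x characters from any
# dictionary word". Not cracklib source; the word list is constructed sample data.
WORDS = ["fop", "kid", "lad", "password"]


def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]


def nearest(password, words=WORDS):
    """Return (distance, word, matched_reversed) for the closest word."""
    best = None
    for word in words:
        for candidate, is_reversed in ((word, False), (word[::-1], True)):
            d = edit_distance(password.lower(), candidate)
            if best is None or d < best[0]:
                best = (d, word, is_reversed)
    return best


def passes(password, x, words=WORDS):
    """Accept only if the password is more than x edits from every word."""
    return nearest(password, words)[0] > x


if __name__ == "__main__":
    # The three passwords from the report, plus a longer constructed one.
    for pw in ("kgf08p", "lkd45j", "fgk08p", "fgk08plkd45j"):
        d, word, is_reversed = nearest(pw)
        tag = " (reversed)" if is_reversed else ""
        for x in (3, 4):  # hypothetical thresholds
            verdict = "accepted" if passes(pw, x) else "rejected"
            print(f"{pw!r} x={x}: {verdict}, {d} edits from {word!r}{tag}")
```

A six-character string can never be more than six edits from a short word, so at `x = 4` any two characters shared in order with a three-letter word are enough to reject it, while the twelve-character candidate clears the same threshold.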