Red Hat Bugzilla – Bug 158191
passwd checking module returns bad passwd inappropriately.
Last modified: 2007-11-30 17:11:06 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20041005
Description of problem:
When entering a passwd to the passwd program the brogram returns message:
BAD PASSWORD: it is based on a dictionary word
For example , with the passwd: kgf08p
that message is returned. This passwd has all consinents and 2 numbers. What word could it be based on. This has happened to me on other passwds unrelated to words.
returns: Bad passwd: is too simple.
returns: Bad passwd: based on a (reversed) dictionary word.
It is frustrating.
What rules are being used. They seem screwey.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2.Current unix passwd:
3.New passwd: fgk08p
Actual Results: Bad passwd: based on a (reversed) dictionary word.
Expected Results: Passwd would be accepted and a request to enter it again
The "too simple" is configurable by setting appropriate options to pam_cracklib
in the /etc/pam.d/system auth.
The dictionary check is done by the cracklib library.
Generally it can be said that 6 letters passwords are too short.
I am not so concerned with 6 character passwd being too short. My real concern
is the clain that it is based on a dictionary word. This is not just one passwd
but every passwd I have tried. Now the passwd fgk08p is not based on any word I
know so something is wrong with the argorithim. And it is very anoying if I am
trying to explain to a 1000 students how to make an acceptable passwd.
The dictionary check does character substitutions and so on so for the password
to pass it has to be different in more than x characters than any word in the
dictionary. The actual x value is in the cracklib sources and if it's for
example 4 than basically no 6 letters password can pass the check.
Feel free reopen the bug and reassign it to cracklib however I don't think the
algorithm or the x value will be changed.