Description of problem:
cracklib-check returns OK for a clearly bad password:

Version-Release number of selected component (if applicable):
cracklib-2.9.6-21.fc31.src.rpm

How reproducible:
Always

Steps to Reproduce:
Test the password "wayne walker" with a passwd entry:
wwalker:x:1000:1000:Wayne Walker:/home/wwalker:/bin/bash

wwalker@browncoat:~ ✓ $ echo "wayne walker" | cracklib-check
wayne walker: OK
wwalker@browncoat:~ ✓ $ echo "walker" | cracklib-check
walker: it is too simplistic/systematic
wwalker@browncoat:~ ✓ $ echo "wayne-walker" | cracklib-check
wayne-walker: it is derived from your password entry
wwalker@browncoat:~ ✓ $ echo "wayne" | cracklib-check
wayne: it is too short

Actual results:
wayne walker: OK

Expected results:
wayne walker: it is based on a dictionary word
wayne walker: it is derived from your password entry

Additional info:
Without "Wayne Walker" in the GCOS field. It allows wayne-walker also:

wwalker@browncoat:~ ✓ $ echo "wayne-walker" | cracklib-check
wayne-walker: OK

cracklib-check is a testing tool. We use libpwquality and pam_pwquality to check the password strength for the real system passwords, and this tool allows checking the gecos if you set gecoscheck=1 in /etc/pwquality.conf.
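
An added illustration, not part of this report and not libpwquality's code: a simplified Python sketch of the kind of check gecoscheck=1 enables, assuming the rule documented in pwquality.conf(5) that GECOS words longer than 3 characters must not be contained in the password. The function names and the empty-GECOS entry are constructed for the example; the other passwd entry and the passwords are the ones quoted in the report.

```python
# Simplified GECOS word-containment check (illustration only).
import re

MIN_WORD_LEN = 4  # assumption: only words longer than 3 characters count


def gecos_words(passwd_line):
    """Return the lowercased GECOS words (5th passwd field) worth checking."""
    fields = passwd_line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated passwd fields")
    # GECOS may carry comma-separated subfields (full name, office, phone).
    words = re.split(r"[\s,]+", fields[4].lower())
    return [w for w in words if len(w) >= MIN_WORD_LEN]


def gecos_hits(password, passwd_line):
    """List the GECOS words contained anywhere in the candidate password.

    Substring matching makes the result independent of the separator the
    user typed between the words (space, hyphen, nothing at all).
    """
    candidate = password.lower()
    return [w for w in gecos_words(passwd_line) if w in candidate]


def verdict(password, passwd_line):
    """Format a result line in the style of the tool output quoted above."""
    hits = gecos_hits(password, passwd_line)
    if hits:
        return f"{password}: contains GECOS word(s) {', '.join(hits)}"
    return f"{password}: no GECOS match"


# passwd entry quoted from the report
ENTRY = "wwalker:x:1000:1000:Wayne Walker:/home/wwalker:/bin/bash"
# constructed entry with an empty GECOS field, as in the follow-up test
ENTRY_NO_GECOS = "wwalker:x:1000:1000::/home/wwalker:/bin/bash"

if __name__ == "__main__":
    for pw in ("wayne walker", "wayne-walker", "walker", "wayne"):
        print(verdict(pw, ENTRY))
    print(verdict("wayne-walker", ENTRY_NO_GECOS))
```

With an empty GECOS field the check has nothing to compare against, so catching "wayne-walker" there falls to the dictionary and complexity checks instead.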