Bug 965496 - Cracklib-check doesn't recognize long dictionary words as based on wordlist
Cracklib-check doesn't recognize long dictionary words as based on wordlist
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: cracklib (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE Security Team
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-21 06:06 EDT by Hubert Kario
Modified: 2014-11-05 09:19 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-11-05 09:19:41 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Hubert Kario 2013-05-21 06:06:04 EDT
Description of problem:
The cracklib-check doesn't perform full dictionary matching for very long words.

Version-Release number of selected component (if applicable):
cracklib-2.8.16-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. create-cracklib-dict /usr/share/dict/words
2. echo  pneumonoultramicroscopicsilicovolcanoconiosis | cracklib-check

Actual results:
pneumonoultramicroscopicsilicovolcanoconiosis: OK

Expected results:
pneumonoultramicroscopicsilicovolcanoconiosis: Is based on dictionary word

Additional info:
Because of advent of passphrases, some very long passwords are not secure (e.g. "correcthorsebatterystaple"). User may want to filter such passphrases out.
Comment 2 RHEL Product and Program Management 2013-10-13 19:35:24 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Note You need to log in before you can comment on or make changes to this bug.