Last night I tried to install CrackLib on my home server running the Ubuntu 6.10 Edgy Eft distro. If you don't know what CrackLib does, it is a library that may (and should) be used by security-conscious applications to prevent users from choosing passwords that are too simple (and thus could be guessed or easily cracked by a brute-force attack). And for those who think this is not an important issue, Bruce Schneier, the well-known security expert, has posted on his blog a list of the top 20 passwords, including such favorites as abc123, 123abc, myspace1, and the single most-used key, password1!

I proceeded as usual:

    $ sudo apt-get install cracklib2

The catch is: for some reason Ubuntu doesn't tell you what to do next! It doesn't provide you with a word list, doesn't create the dictionary required to use cracklib during the installation sequence, and even man cracklib is pretty sparse on info.

However, it's all there, you just have to know where to look for it! After some good old trial'n'error I was able to find the way to do it myself. So here goes:

  1. install cracklib-runtime and add any of the localized wordlist packages to taste – wamerican, wbritish, wfrench, etc (run apt-get install wordlist for the full list):

    $ sudo apt-get install cracklib-runtime wbritish
    
  2. (optional) download extra lists (e.g. at COTSE's Word Lists) and put them in the /usr/share/dict directory:

    $ sudo mv /path/to/downloaded/file /usr/share/dict
    
  3. generate the CrackLib dictionary from the downloaded word lists:

    $ sudo update-cracklib /var/cache/cracklib/cracklib_dict
    

This will create files named cracklib_dict.hwm, cracklib_dict.pwd and cracklib_dict.pwi in the /var/cache/cracklib/ directory, which is exactly where CrackLib expects them to be. And that's it! Wish this info was there in the first place...

You can now check that everything went as expected by running crack_teststr: it will ask you to enter dictionary words and tell you whether they exist or not (Ctrl + C to finish).
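A non-interactive complement to that check, as an added example that is not from the original post: a shell function that confirms the three dictionary files from step 3 exist and are not older than the word lists in /usr/share/dict, which catches the case where lists were added in step 2 but the dictionary was never regenerated. The function name and return codes are hypothetical; the default paths are the ones used above.

```shell
#!/bin/sh
# Added example: verify the CrackLib dictionary built in step 3.
# cracklib_dict_status is a hypothetical helper name; the default paths
# are the ones named in this post.
#
# Usage:   cracklib_dict_status [dict_prefix] [wordlist_dir]
# Returns: 0 = dictionary present and up to date
#          1 = one of the .hwm/.pwd/.pwi files is missing or empty
#          2 = no word lists found in the word list directory
#          3 = a word list is newer than the dictionary (rebuild needed)
cracklib_dict_status() {
    prefix="${1:-/var/cache/cracklib/cracklib_dict}"
    words="${2:-/usr/share/dict}"

    # All three files must be present and non-empty.
    for ext in hwm pwd pwi; do
        if [ ! -s "$prefix.$ext" ]; then
            echo "missing or empty: $prefix.$ext" >&2
            return 1
        fi
    done

    # A dictionary built from no word lists rejects nothing.
    if [ -z "$(find "$words" -maxdepth 1 -type f 2>/dev/null | head -n 1)" ]; then
        echo "no word lists in $words" >&2
        return 2
    fi

    # Any word list modified after the .pwd file means the dictionary is stale.
    stale=$(find "$words" -maxdepth 1 -type f -newer "$prefix.pwd")
    if [ -n "$stale" ]; then
        echo "dictionary is older than these word lists, rebuild it:" >&2
        echo "$stale" >&2
        return 3
    fi

    echo "dictionary ready: $prefix"
    return 0
}

# Example call with the defaults from this post:
#   cracklib_dict_status && echo OK
```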