Date: Fri, 9 Jan 2015 16:23:15 +0300 From: Solar Designer <solar@...nwall.com> To: passwdqc-users@...ts.openwall.com Subject: Re: libpasswdqc usage Hi Jaime, On Fri, Jan 09, 2015 at 12:21:31PM +0100, Jaime Fern??ndez wrote: > I'm testing libpasswdqc and libcrack2 to check passwords. I've a sample > program with libcrack2 (the one included in the dist) but I dont find any > example to know how to use libpasswdqc. Can you write a sample? Thanks in > advance. The included pwqcheck program also serves as the example you ask for: it uses libpasswdqc. In fact, I recommend that you simply use pwqcheck for your testing. When invoked as "pwqcheck -1 --multi", it will read and test multiple passwords at once (one per line). Regarding testing of passwdqc vs. its "competitors", please take a look at this presentation: http://www.slideshare.net/antondedov5/zn2013-testing-of-password-policy-abridged Also relevant is this test: http://openwall.info/wiki/passwdqc/rockyou I'd be curious to know how libcrack2 performs when tested in these ways. (I wish Anton included it, but I guess CrackLib was deemed too ancient.) I expect it will perform rather poorly. Last time I checked, which I admit was almost a decade ago, pam_cracklib as used by some Linux distros would even permit many all-numeric passwords. In fact, being unsatisfied with CrackLib and pam_cracklib provided some of the motivation for me to write pam_passwdqc in 2000, and it eventually turned into the passwdqc package with the separate library and tools. From a quick look at http://soc.if.usp.br/manual/libcrack2/libcrack2.html it appears to be merely a currently maintained version of the old CrackLib code. But I could be wrong. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.