Bug 158191 - passwd checking module returns bad passwd inappropriately.
Summary: passwd checking module returns bad passwd inappropriately.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: passwd
Version: 4
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2005-05-19 14:27 UTC by akonstam
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-19 14:52:02 UTC



Description akonstam 2005-05-19 14:27:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20041005

Description of problem:
When entering a passwd to the passwd program the program returns message:
BAD PASSWORD: it is based on a dictionary word
For example, with the passwd: kgf08p
that message is returned. This passwd has all consonants and 2 numbers. What word could it be based on? This has happened to me on other passwds unrelated to words.
lkd45j
returns: Bad passwd: is too simple.
fgk08p
returns: Bad passwd: based on a (reversed) dictionary word.

It is frustrating.

What rules are being used? They seem screwy.

Version-Release number of selected component (if applicable):
passwd-0.69-2

How reproducible:
Always

Steps to Reproduce:
1.passwd
2.Current unix passwd:
3.New passwd: fgk08p
  

Actual Results:  Bad passwd: based on a (reversed) dictionary word.

Expected Results:  Passwd would be accepted and a request to enter it again

Additional info:

Comment 1 Tomas Mraz 2005-05-19 14:52:02 UTC
The "too simple" is configurable by setting appropriate options to pam_cracklib
in /etc/pam.d/system-auth.
The dictionary check is done by the cracklib library.

Generally it can be said that 6-letter passwords are too short.


Comment 2 akonstam 2005-05-19 16:28:19 UTC
I am not so concerned with a 6-character passwd being too short. My real concern
is the claim that it is based on a dictionary word. This is not just one passwd
but every passwd I have tried. Now the passwd fgk08p is not based on any word I
know, so something is wrong with the algorithm. And it is very annoying if I am
trying to explain to 1000 students how to make an acceptable passwd.

Comment 3 Tomas Mraz 2005-05-19 16:43:15 UTC
The dictionary check does character substitutions and so on, so for the password
to pass it has to differ in more than x characters from any word in the
dictionary. The actual x value is in the cracklib sources, and if it's for
example 4, then basically no 6-letter password can pass the check.

Feel free to reopen the bug and reassign it to cracklib; however, I don't think the
algorithm or the x value will be changed.
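A simplified model of the distance check described in Comment 3, added here as an illustration and not cracklib's own code. It assumes a constructed three-word dictionary, an assumed substitution table and an assumed threshold of 4 (the page says the real value lives in the cracklib sources), and shows why a 6-character password such as fgk08p lands within a few edits of even a short dictionary word.

```python
# Simplified cracklib-style dictionary distance check (added example, not cracklib code).
MIN_DISTANCE = 4                                # assumed "x"; real value is in cracklib sources
LEET = str.maketrans("013458$@!", "oleasbsai")  # assumed digit/symbol-for-letter substitutions
DICTIONARY = ["fob", "people", "password"]      # constructed mini-dictionary


def normalize(pw: str) -> str:
    """Lower-case the candidate and undo common substitutions (0->o, 8->b, ...)."""
    return pw.lower().translate(LEET)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def closest_word(pw: str, dictionary=DICTIONARY):
    """Return (word, distance, reversed) for the nearest dictionary entry,
    comparing the normalized candidate against each word and its reversal."""
    norm = normalize(pw)
    best = None
    for word in dictionary:
        for rev, cand in ((False, word), (True, word[::-1])):
            d = edit_distance(norm, cand)
            if best is None or d < best[1]:
                best = (word, d, rev)
    return best


def check_password(pw: str, dictionary=DICTIONARY, min_distance=MIN_DISTANCE):
    """Return a rejection message, or None when the candidate passes the check."""
    word, dist, rev = closest_word(pw, dictionary)
    if dist < min_distance:
        kind = "(reversed) dictionary word" if rev else "dictionary word"
        return f"BAD PASSWORD: it is based on a {kind} ({word!r}, distance {dist})"
    return None


if __name__ == "__main__":
    for candidate in ("kgf08p", "fgk08p", "b0f", "zq7vx2ywm"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

With a threshold of 4, any 6-character candidate is within 3 edits of a 3-letter word it merely contains as a subsequence, which is the effect Comment 3 describes.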


