On Thu, Jan 26, 2012 at 01:29:04PM +0100, Fabian Greffrath wrote: > Package: libcrack2 > Version: 2.8.18-3 > Severity: wishlist > Tags: upstream > > Hi, > > I think this is more a wishlist bug addressed at upstream, but anyway: > > There is a list available [1] that contains the 500 worst (i.e. most often > used) passwords of all time. It contains a lot of obvious ones (and maybe > misses some of the *too* obvious ones) and also some that pass the regular > cracklib tests but are bad because they contain obvious references (to music, > movies, etc.). > > It would be nice of the FascistCheck() function of libcrack2 could be extended > to look up the given password in this list of 500 rather early and error out > if > it's found.
I think it would be better to have this list as a wordlist package
instead of bundling it with libcrack2. With this approach the list
could be updated with no need for a new libcrack2 version.
Kind regards,
Jan Dittberner
--
Jan Dittberner - Debian Developer
GPG-key: 4096R/558FB8DD 2009-05-10
B2FF 1D95 CE8F 7A22 DF4C F09B A73E 0055 558F B8DD
http://ddportfolio.debian.net/ - http://people.debian.org/~jandd/
signature.asc
Description: Digital signature
