CPython extension providing Python binding for cracklib library
Latest commit 1e7f37a Sep 11, 2015 jexhson Add notice about stopped maintenance


This package is no longer maintained; please consider using cracklib instead.

Overview

TL;DR: This CPython extension provides a Python binding for the cracklib (C language) library.

It provides a crack Python module that exposes a simple interface to check the strength of passwords. This can be used from within Python programs as easily as calling a function and catching an exception.

crack is deliberately strict in its checks. It uses the standard cracklib2 library to discover whether passwords are based on dictionary words or are too simple. In addition, checks such as the minimum number of differing characters and rotation of the old password have been written on the model of those found in the PAM cracklib module.

Installation

Installing crack is simple with pip:

$ pip install -e git+https://github.com/jexhson/python-crack.git#egg=python-crack --install-option='--dictpath=/path/to/dict'

or, directly from the sources by running the installation script:

$ python setup.py install --dictpath=/path/to/dict

--dictpath specifies the default dictionary crack will use to perform its checks. If none is specified at install time, make sure to pass one each time you call crack.

The dictionary has to be packed as follows:

cracklib-packer my-cracklib-dict < my-plain-dict.txt

Three files are generated: my-cracklib-dict.hwm, my-cracklib-dict.pwd and my-cracklib-dict.pwi. --dictpath should then point to their common prefix, my-cracklib-dict.

Examples

>>> import crack
>>> crack.FascistCheck("abcdefghilmn")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/crack.py", line 194, in VeryFascistCheck
    return FascistCheck(new, dictpath)
ValueError: it is too simplistic/systematic
>>> crack.FascistCheck("secret")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
ValueError: it is based on a dictionary word
>>> crack.VeryFascistCheck("secret", "scrt")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/crack.py", line 187, in VeryFascistCheck
    raise ValueError, "is too similar to the old one"
ValueError: is too similar to the old one
>>> crack.VeryFascistCheck("secret", "cretse")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/crack.py", line 185, in VeryFascistCheck
    raise ValueError, "is rotated"
ValueError: is rotated
>>> crack.FascistCheck("this is a really secure secret but do not use it!!")
'this is a really secure secret but do not use it!!'

Documentation

The two main functions are FascistCheck and VeryFascistCheck. The examples above show their usage. If you want more information or more configuration parameters, please refer to the documented source code in crack.py.
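The following is an added example, not code from this project, showing how the checks described in the Examples and Documentation sections combine into a password-change gate: the dictionary and "too simplistic" checks are delegated to crack.FascistCheck (imported if installed), while the rotation and minimum-difference checks are simplified pure-Python models written here, not crack.py's own implementation. The MIN_DIFFERENT threshold, the function names and the classify helper are assumptions of this example.

```python
"""Added example: a password-change gate built on crack.FascistCheck plus
simplified pure-Python versions of the extra checks this README describes
(rotation of the old password, minimum number of differing characters).
The pure-Python parts are this example's own models, not crack.py's code."""

try:
    import crack  # the CPython extension this README documents
except ImportError:  # lets the rotation/similarity checks run without it
    crack = None

# Assumed threshold (not taken from crack.py): how many characters of the
# new password must be absent from the old one, in the spirit of PAM's difok.
MIN_DIFFERENT = 5


def is_rotated(new, old):
    """True if 'new' is the old password rotated, e.g. 'cretse' from 'secret'."""
    if not old or len(new) != len(old) or new == old:
        return False
    # Every rotation of 'old' is a substring of 'old' concatenated with itself.
    return new in (old + old)


def count_different(new, old):
    """Count characters of 'new' that never appear in 'old' (simplified model)."""
    old_chars = set(old)
    return sum(1 for ch in new if ch not in old_chars)


def too_similar(new, old, min_different=MIN_DIFFERENT):
    """True when fewer than 'min_different' characters of 'new' are new."""
    return count_different(new, old) < min_different


def check_password(new, old=None, dictpath=None):
    """Return 'new' if it passes every check, otherwise raise ValueError
    with a message in the same style as crack's own exceptions."""
    if old is not None:
        if new == old:
            raise ValueError("is the same as the old one")
        if is_rotated(new, old):
            raise ValueError("is rotated")
        if too_similar(new, old):
            raise ValueError("is too similar to the old one")
    if crack is not None:
        # Dictionary-word and 'too simplistic' checks come from cracklib itself;
        # without an explicit dictpath the default chosen at install time is used.
        if dictpath:
            return crack.FascistCheck(new, dictpath)
        return crack.FascistCheck(new)
    return new


def classify(new, old=None):
    """Run check_password and return (accepted, reason) instead of raising,
    so a rejection can be logged without ever logging the password itself."""
    try:
        check_password(new, old)
    except ValueError as exc:
        return (False, str(exc))
    return (True, None)


if __name__ == "__main__":
    # Constructed sample inputs mirroring the README's interactive session.
    for new, old in [("cretse", "secret"), ("secret", "scrt"),
                     ("this is a really secure secret but do not use it!!", "secret")]:
        print(classify(new, old))
```

The ordering matters in practice: the cheap, local checks run before the dictionary lookup, and the reason string returned by classify is safe to write to an audit log because it never contains the candidate password.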

Why Use crack?

Passwords are the most common way a computer authenticates a user. The key point is that it must be very unlikely for any user to guess other users' passwords and thereby assume their identities. Sadly, nowadays this often proves to be the weakest link of the whole security chain.

Reducing the possibility of password guessing, and thus improving password strength, can greatly improve overall system security.

crack and cracklib have been written for this purpose: to mandate the use of stronger passwords. Whether these passwords are strong enough for a given purpose is solely a matter for the user.

Security consideration

Beware of one small but important detail: Python does not allow direct memory management.

Python objects, and therefore strings and passwords, are garbage collected automatically. There is no way (known to the author) to wipe passwords from memory safely. So it may happen that other programs are able to see leftover passwords in their dirty (uninitialized) memory.

If the user cannot live with this limitation, they had better change module or language.

Authors

Originally written by Domenico Andreoli cavok@filibusta.crema.unimi.it

Small improvements, updates and packaging by Alexandre Joseph http://www.alexandrejoseph.com

License

python-crack is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

python-crack is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.