1 This copy of CrackLib is based on the 2.7 release by Alec Muffett. The
2 following modifications have been made:
4 * Require more different characters in the password.
5 * Strengthen the prefix and suffix rules for longer passwords.
6 * Increased the minimum password length to 8 characters.
7 * Modified the adjacent character check to depend on the password length.
8 * Remove checks against the user's GECOS entry.
9 * Don't exit on failure to open the database.
10 * Improved the search algorithm in FindPW somewhat.
11 * Don't segfault on corrupt dictionaries.
12 * Fixed the data format output by packer to properly pad the end.
13 * Added ANSI C prototypes for all functions and mark const variables.
14 * Removed unused functions.
15 * Increased MINLENGTH.
16 * Added a check for a duplicated dictionary word.
17 * Changed error for very short passwords to match current CrackLib.
18 * Removed last block optimization in GetPW and start fresh each time.
19 * Close the dictionary after each password lookup.
20 * Set hidden visibility on all CrackLib symbols.
21 * Close the wfp file handle on PWClose if it's open.
22 * Applied various patches from distributions for security vulnerabilities.
23 * Changed the type of some variables to size_t to avoid truncation.
24 * Forced locale in mkdict to avoid problems with non-C-locale sort.
25 * Added a warning to packer if processing out-of-order words.
26 * Used Autoconf and portable/system.h to find types of specific lengths.
27 * Added missing break to RULE_MFIRST "(" and RULE_MLAST ")" handling.
28 * Various compilation warning and portability fixes.
30 See the leading comments in each source file for a more detailed timeline
33 Below is the original changelog for CrackLib:
35 v2.7 mkdict/tr problem eliminated;
36 misc fixes suggested by Andrey Savochkin <saw@msu.ru> (with thanks)
37 v2.6 buffer overflow problems addressed - 1st attempt
38 permutations of fascist deconstructors fixed/enhanced
39 v2.5 added decent info to the "shadow" directory patches.
40 v2.4 forwarded to ch & jfh3 for beta testing/comments
41 v2.3- internal beta test versions