Crack is a password guessing program for Unix that is designed to
locate insecure passwords. It works by scanning the password file,
checking for passwords which match a long list of insecure password
patterns, such as login names used on the system or words in the
dictionary. It can also detect passwords created by a simple
modification of a dictionary word, such as reversing it or adding a
number on the end.

Crack can work with unusual password encryption algorithms, or with
a password database managed by NIS (just ypcat the database to a
file and run Crack on the file). It is also possible for the sysadmin
to modify Crack's dictionaries or transformation rules. Typically
Crack is left running in the background at low priority, but it can
also be set up to run only during certain hours, or paused and
restarted manually by the sysadmin.
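
The weak-password patterns listed above (login names, dictionary words, reversal, a number added on the end) can also be tested when a user chooses a new password, before it ever reaches the password file. The following is an added example, not Crack's own code or rule syntax; the function name, the sample logins and the sample word list are constructed for illustration.

```python
import string

# Constructed sample data (assumptions for illustration, not from the page).
SAMPLE_LOGINS = {"alice", "bob", "root"}
SAMPLE_WORDS = {"password", "dragon", "secret", "monkey"}


def weak_password_reason(candidate, logins=SAMPLE_LOGINS, words=SAMPLE_WORDS):
    """Return (source, transform) if the candidate matches a weak pattern, else None.

    Hypothetical helper: covers only the patterns the text names (login names,
    dictionary words, reversal, a number added on the end).
    """
    base = candidate.lower()
    no_number = base.rstrip(string.digits)
    forms = [
        ("unchanged", base),
        ("reversed", base[::-1]),
        ("trailing number removed", no_number),
        ("reversed, trailing number removed", no_number[::-1]),
    ]
    pools = [("login name", logins), ("dictionary word", words)]
    for transform, form in forms:
        if not form:
            continue  # e.g. an all-digit candidate leaves nothing to look up
        for source, pool in pools:
            if form in pool:
                return source, transform
    return None


if __name__ == "__main__":
    for pw in ["Alice", "nogard", "secret42", "terces9", "V7#qLm!2xR"]:
        print(f"{pw!r}: {weak_password_reason(pw) or 'no listed pattern matched'}")
```

A candidate that returns None has only cleared these four checks; a site would extend the word list and transformations to match whatever its own audit dictionaries and rules cover.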