cracklib-dicts package is … quite … comprehensive. It weighs in at
almost 10MB on disk. Modern password guidance emphasizes length rather than
complicated checks, and this 10MB payload is increasingly irrelevant. I’d
like to provide an alternative, using a list of the 10,000 most common
passwords found in password breaches. This compresses down to about 1k, so
it’s a significant space savings, and may result in less user frustration
while still giving some real protection against the worst choices – and
meeting security checklist items like “passwords checked against a
The problem is that cracklib seems to have a compile-time option for where
to find its dictionary.
cracklib-dicts is already a subpackage, and a
cracklib-dict-10k-worst or something alternative package could just be a drop-in
replacement… except of course it would conflict. Is this an okay use of
Conflicts? If not, what should I do?