On Tue, 2006-04-04 at 22:25 -0500, Les Mikesell wrote:
> On Tue, 2006-04-04 at 21:58, jdow wrote:
> >
> > > Another good guide is:
> > >
> > > Enforce changing of passwords on at least a monthly basis.
> > > Do not permit re-use of old passwords.
> >
> > Experience indicates that people rotate sets of four or five passwords
> > in that case.
>
> How do you prevent re-use without keeping plain text or reversibly
> encrypted copies of the old ones laying around waiting to be
> stolen?
----
I would presume that they don't have to be stored as plain text or
reversible... they simply need to be kept around and when a new password is
submitted, encryption is applied and then it is matched against the list of
old passwords - much like an attempt to authenticate.

I believe that is the methodology of password policy of both FDS and
OpenLDAP anyway.

Craig
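The check Craig describes, written out as an added example (not code from this thread, FDS or OpenLDAP): each remembered password is kept only as a random salt plus a PBKDF2 hash, and a candidate is re-hashed under every stored salt and compared, exactly as an authentication attempt would be. The iteration count and history depth are assumed values chosen for the example; the depth also shows why a short history lets the "rotate four or five passwords" behaviour from the thread through.

```python
import hashlib
import hmac
import os
from typing import List, Tuple

# One history entry: (random salt, PBKDF2-SHA256 hash of an old password).
# Nothing reversible is stored; the check re-hashes the candidate instead.
HistoryEntry = Tuple[bytes, bytes]
ITERATIONS = 50_000   # PBKDF2 work factor (assumed value for this example)
HISTORY_DEPTH = 5     # how many old passwords are remembered (assumed value)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def is_reused(candidate: str, history: List[HistoryEntry]) -> bool:
    """True if candidate equals any remembered old password.

    Every entry carries its own salt, so the candidate has to be re-hashed
    once per entry; a single hash of the candidate cannot simply be looked up.
    compare_digest keeps the comparison constant-time.
    """
    for salt, old_hash in history:
        if hmac.compare_digest(hash_password(candidate, salt), old_hash):
            return True
    return False


def set_password(new_password: str, history: List[HistoryEntry]) -> List[HistoryEntry]:
    """Reject a recently used password; otherwise record the new one.

    Returns the updated history, trimmed to the HISTORY_DEPTH newest entries,
    so a password older than that is no longer blocked from reuse.
    """
    if is_reused(new_password, history):
        raise ValueError("password was used recently; choose a different one")
    salt = os.urandom(16)
    history = history + [(salt, hash_password(new_password, salt))]
    return history[-HISTORY_DEPTH:]


if __name__ == "__main__":
    # Constructed sample: three changes, then an attempt to reuse the first.
    h: List[HistoryEntry] = []
    for pw in ["april-2006-pw", "may-2006-pw", "june-2006-pw"]:
        h = set_password(pw, h)
    print("april-2006-pw reused?", is_reused("april-2006-pw", h))  # True
```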