On Fri, 2006-04-07 at 03:21, Tim wrote:
> >> How do you prevent re-use without keeping plain text or reversibly
> >> encrypted copies of the old ones lying around waiting to be
> >> stolen?
>
> If you're storing *old* passwords that you don't want people to use
> again, would it matter if they're stored as plain text? I would imagine
> that you could just add them to a banned passwords list.

They may still be used elsewhere, and if you see a sequence of
passwords an individual has used you may notice a pattern that
will help you guess the current one. But the real issue is that
the usual way that you would have such a list is that you saved
it from the time each password was created - meaning you had the
plain text while they were active too.

--
Les Mikesell
lesmikesell@xxxxxxxxx
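
An added example, not part of the original message or thread: one way to answer the quoted question is to keep a per-user history of salted, slow hashes and test a candidate password against each entry, so no plain text or reversible copy is ever stored. The function names, `HISTORY_DEPTH` and `PBKDF2_ROUNDS` are assumptions made for illustration, and the check only catches exact re-use, not a near-variant of an old password.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

HISTORY_DEPTH = 5        # assumed policy: remember the last five passwords
PBKDF2_ROUNDS = 100_000  # assumed work factor; tune for your hardware

Entry = Tuple[bytes, bytes]  # (salt, digest); the plain text is never kept


def hash_password(password: str, salt: Optional[bytes] = None) -> Entry:
    """Derive a salted digest; a fresh random salt is used for each new entry."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def is_reused(candidate: str, history: List[Entry]) -> bool:
    """Re-hash the candidate under every stored salt and compare digests."""
    reused = False
    for salt, digest in history:
        _, test = hash_password(candidate, salt)
        # Constant-time comparison; keep looping so timing does not
        # reveal which history slot matched.
        if hmac.compare_digest(test, digest):
            reused = True
    return reused


def change_password(candidate: str, history: List[Entry]) -> List[Entry]:
    """Reject an exact re-use, otherwise return the updated, trimmed history."""
    if is_reused(candidate, history):
        raise ValueError("password was used before")
    return ([hash_password(candidate)] + history)[:HISTORY_DEPTH]


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    hist: List[Entry] = []
    hist = change_password("spring2006", hist)
    hist = change_password("summer2006", hist)
    print("re-use detected:", is_reused("spring2006", hist))
    print("new password ok:", not is_reused("autumn2006", hist))
```

The cost of a check grows with the history depth, since the candidate has to be hashed once per stored salt.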