On Fri, 2006-04-07 at 17:51 +0930, Tim wrote:
> Les Mikesell:
>
>> How do you prevent re-use without keeping plain text or reversibly
>> encrypted copies of the old ones laying around waiting to be
>> stolen?
>
> If you're storing *old* passwords that you don't want people to use
> again, would it matter if they're stored as plain text? I would imagine
> that you could just add them to a banned passwords list.

Actually... You couldn't even if you wanted to. The plain text password is not stored on the system at all. Only the password hashes. If you want to maintain a password history, you just store those hashes and use them in future change password attempts.

If you wanted to store the plain text password (in some misguided attempt to catch "similar" passwords) you would have to have the user reenter his old password and store that plain text, since the hashes are not reversible.

Even storing old "banned" passwords as plain text is a very VERY bad idea. Even if they never reuse a password, that same password may be used somewhere else (other systems, web sites, keyrings, databases, etc, etc, etc), may reveal personal information about the user, or may reveal patterns in their password generating methodology (KillRoy1, KillRoy2, KillRoy3). Obviously, this is something you do NOT want to do.

If you are this paranoid that you even want to catch "similar" passwords, then I would recommend going to an OTP like s/key or OPIE and be done with it.

Mike
-- 
Michael H. Warfield (AI4NB)  | (770) 985-6132 | mhw@xxxxxxxxxxxx
/\/\|=mhw=|\/\/             | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9             | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471         | possible worlds. A pessimist is sure of it!
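The mechanism Mike describes (keep only the hashes of previous passwords and test a proposed new password against them at change time) looks like the following. This is an added example, not code from the mailing-list thread or from any particular system; `PasswordHistory`, `hash_password`, `matches`, the iteration count and the history depth are all assumptions made here for illustration. Because each stored entry carries its own random salt, the candidate password has to be re-hashed once per history entry with that entry's salt; there is no way to compare without doing that work, which is exactly why no plaintext is ever needed. The sample passwords are the ones from the mail.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Constructed parameters for this example (not from the original mail).
# A real deployment would use a higher iteration count or a memory-hard KDF.
ITERATIONS = 50_000
HISTORY_DEPTH = 5


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password using PBKDF2-HMAC-SHA256.

    A fresh 16-byte random salt is generated unless one is supplied, so two
    identical passwords never produce identical stored digests.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def matches(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-hash the candidate with the entry's salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class PasswordHistory:
    """Password history that stores only (salt, digest) pairs, never plaintext."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        self.depth = depth
        # Newest entry is last; the last entry is the current password.
        self.entries: List[Tuple[bytes, bytes]] = []

    def was_used(self, password: str) -> bool:
        # Every entry has a different salt, so the candidate is hashed once per entry.
        return any(matches(password, salt, digest) for salt, digest in self.entries)

    def change_password(self, current: str, new: str) -> bool:
        """Verify the current password, reject reuse, then record the new hash.

        Returns True on success, False if the current password is wrong or the
        new one appears anywhere in the retained history.
        """
        if self.entries and not matches(current, *self.entries[-1]):
            return False
        if self.was_used(new):
            return False
        self.entries.append(hash_password(new))
        # Keep only the most recent `depth` hashes; older ones age out.
        del self.entries[: -self.depth]
        return True


if __name__ == "__main__":
    history = PasswordHistory(depth=3)
    history.change_password("", "KillRoy1")
    print(history.change_password("KillRoy1", "KillRoy2"))  # True
    print(history.change_password("KillRoy2", "KillRoy1"))  # False: reuse rejected
```

Note that the history check can only catch exact reuse; as the mail says, detecting "similar" passwords (KillRoy1 versus KillRoy2) is not possible from hashes alone, and the plaintext that would make it possible is precisely what must not be kept.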