Michael H. Warfield wrote: [snip]
Even storing old "banned" passwords as plain text is a very VERY bad idea. Even if they never reuse a password, that same password may be used somewhere else (other systems, web sites, keyrings, databases, etc, etc, etc), may reveal personal information about the user, or may reveal patterns in their password generating methodology (KillRoy1, KillRoy2, KillRoy3).
Hey! You just gave away my root password to the whole world! :-)

[snip]

Mike

--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!