Firewall Wizards mailing list archives

Re: password aging

From: "Paul M. Cardon" <pmarc () cmg fcnbd com>
Date: Wed, 26 Aug 98 11:08:58 -0500

"H. Morrow Long" thus spake unto me:

I'm presuming that you should store hashes of previous passwords,
and not store the actual passwords themselves...              - Morrow


That would seem obvious except that a one-way hash will leave you with the  
ability to check for prior use of exactly the same password but not use of a  
closely similar password.

-paul

Current thread:

password aging Adam Shostack (Aug 19)
- Re: password aging Rick Smith (Aug 23)
- <Possible follow-ups>
- Re: password aging Steve Bellovin (Aug 19)
  - Re: password aging R. DuFresne (Aug 23)
- Re:password aging Harvey Nusz (Aug 19)
- Re: password aging HASSAN . KARIM (Aug 19)
- Re: password aging H. Morrow Long (Aug 23)
  - Re: password aging Adam Shostack (Aug 24)
  - Re: password aging Paul M. Cardon (Aug 26)
    - Re: password aging Stephen P. Gibbons (Aug 27)
    - Re: password aging Massimo Brogioni (Aug 27)
- Re: password aging John McDermott (Aug 24)
- Re: password aging Paul McNabb (Aug 28)
  - Re: password aging Stephen P. Gibbons (Aug 28)
- Re: password aging Paul McNabb (Aug 28)
  - Re: password aging Stephen P. Gibbons (Aug 30)
  - RE: password aging KirkAdams (Aug 30)