Date: Sun, 24 Jun 2007 14:49:11 +0400 (MSD)
From: Andrey V Stolyarov <crocodil@...co.net>
To: owl-users@...ts.openwall.com
Subject: Re: pam_passwdqc and history


On Sun, 24 Jun 2007 gremlin@...mlin.ru wrote:

> On Sat, Jun 23, 2007 at 11:01:04AM -0600, Vincent Danen wrote:
>
>  > Quick question. Does pam_passwdqc support password history?
>  > Not just comparing the current password to the new password,
>  > but seeing if it's similar to, say, any of the last 3
>  > passwords a user used? Apparently some government/company
>  > legislation/policies require history checking of current-N
>  > passwords, and I'm wondering if passwdqc does this.
>
> It does NOT and, I hope, never will - all these "password
> history policies" require storing a plaintext password somewhere,
> which is absolutely unacceptable.

I'd say it is still possible to store older hashes rather than
passwords themselves.  This will not allow checking passwords
for 'similarity' but obviously will allow checking whether the new
password is exactly the same as one in the history.  And it is not
as unacceptable as storing plaintext passwords.


--
Croco
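
The hash-only history described in the message above, as an added example that is not part of the original thread or of pam_passwdqc: each old password is kept only as a salted hash, so a candidate is re-hashed under every stored salt, which detects exact reuse but not similarity. PBKDF2, the iteration count, the history depth constant and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed PBKDF2 work factor for this sketch
HISTORY_DEPTH = 3      # "last 3 passwords", as in the question quoted above


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted, slow hash; only this value is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def new_entry(password: str) -> tuple[bytes, bytes]:
    """Create a (salt, hash) history record with a fresh random salt."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def in_history(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    """True if candidate is exactly one of the stored old passwords.

    Each record has its own salt, so the candidate is re-hashed once per record.
    """
    reused = False
    for salt, stored in history:
        # Constant-time comparison; every record is checked, no early exit.
        if hmac.compare_digest(hash_password(candidate, salt), stored):
            reused = True
    return reused


def change_password(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Reject exact reuse; otherwise record the new hash and trim the history."""
    if in_history(candidate, history):
        return False
    history.append(new_entry(candidate))
    del history[:-HISTORY_DEPTH]  # keep only the newest HISTORY_DEPTH records
    return True


if __name__ == "__main__":
    history = []  # constructed sample data
    for pw in ("Winter-2006!", "Spring-2007!", "Summer-2007!"):
        change_password(pw, history)
    print(change_password("Spring-2007!", history))  # exact reuse of an old password
    print(change_password("Spring-2007?", history))  # one character changed
```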
