Found, a new rootkit
Les Mikesell
lesmikesell at gmail.com
Wed Apr 5 05:20:33 UTC 2006
On Tue, 2006-04-04 at 23:04, Mikkel L. Ellertson wrote:
> >
> >>> Another good guide is:
> >>>
> >>> Enforce changing of passwords on at least a monthly basis.
> >>> Do not permit re-use of old passwords.
> >> Experience indicates that people rotate sets of four or five passwords
> >> in that case.
> >
> > How do you prevent re-use without keeping plain text or reversibly
> > encrypted copies of the old ones laying around waiting to be
> > stolen?
> >
> You keep copies of the old encrypted passwords around, and compare
> the new one to them. If they match, reject the password. After all,
> you do that to the current one every time someone tries to log in.
I guess I was think of the systems that tell you you haven't
made enough of a change from the old one(s).
--
Les Mikesell
lesmikesell at gmail.com
More information about the users
mailing list