Found, a new rootkit

Les Mikesell lesmikesell at gmail.com
Fri Apr 7 13:14:56 UTC 2006


On Fri, 2006-04-07 at 03:21, Tim wrote:
> >> How do you prevent re-use without keeping plain text or reversibly
> >> encrypted copies of the old ones laying around waiting to be
> >> stolen?
> 
> If you're storing *old* passwords that you don't want people to use
> again, would it matter if they're stored as plain text?  I would imagine
> that you could just add them to a banned passwords list.

They may still be used elsewhere, and if you see a sequence of
passwords an individual has used you may notice a pattern that
will help you guess the current one.  But the real issue is
that the usual way that you would have such a list is that
you saved it from the time each password was created - meaning
you had the plain text while they were active too.

-- 
  Les Mikesell
   lesmikesell at gmail.com
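
The question in this thread is whether re-use can be blocked without keeping readable copies of old passwords. The sketch below is an added example, not code from the original message or from any project discussed on the list: it keeps only a per-entry random salt and a PBKDF2 digest for each past password and re-derives the candidate against each one at change time. The class name, history depth and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 5      # assumed policy: remember the last 5 passwords
ITERATIONS = 100_000   # assumed example work factor for PBKDF2


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted, one-way digest of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """Hypothetical per-user history holding only (salt, digest) pairs."""

    def __init__(self):
        self._entries = []  # oldest first, newest last

    def is_reused(self, candidate: str) -> bool:
        # The candidate is only available in plain text at change time,
        # so re-derive it under every stored salt and compare digests.
        reused = False
        for salt, digest in self._entries:
            if hmac.compare_digest(_derive(candidate, salt), digest):
                reused = True  # keep looping so timing does not reveal the slot
        return reused

    def set_password(self, new_password: str) -> bool:
        """Accept the password unless it matches one still in the history."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, _derive(new_password, salt)))
        del self._entries[:-HISTORY_DEPTH]  # drop entries older than the policy
        return True

    def stored_material(self):
        """What an attacker who steals the history would obtain."""
        return list(self._entries)
```

A history kept this way can only detect exact re-use, not a near-variant of an old password. Stolen digests are still open to offline guessing, so the history needs the same protection as the current password hash.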




