On Thu, Oct 14, 2010 at 10:16:12AM -0400, Brad Tilley wrote:
> Stuart VanZee wrote:
> > For 8.5.12 see login.conf man page, look for passwordcheck.
> > You will have to write (or find) a program that keeps track
> > of previously used passwords. I just stored a hash of them
> > in a file and have it check to see if the new password hash
> > matches any of the old 4 password hashes.
>
> I considered that as a possible solution as well, but it seems that
> approach would weaken the security of the passwords, especially if you
> just use an unsalted hash (md5 or sha1) to store them.

You could use blowfish to store them; the code already exists in the
openbsd base. Storing multiple previous passwords has always seemed
gratuitous to me, but we're not discussing technical merits, just
technical solutions to management fiats...

>
> Brad
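
Added example, not part of the original thread and not OpenBSD code: a sketch of the history check discussed above when the stored hashes are salted. Because each entry has its own salt, the new password cannot be hashed once and compared; it has to be re-derived against every stored entry. PBKDF2-HMAC-SHA256 from the Python standard library stands in for blowfish here, and the function names, entry format and iteration count are assumptions of this sketch.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 4      # "the old 4 password hashes" from the thread
ITERATIONS = 100_000   # assumed work factor for this sketch


def _derive(password, salt, iterations):
    # Slow, salted derivation (stand-in for blowfish/bcrypt).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_entry(password):
    """Return 'iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = os.urandom(16)
    digest = _derive(password, salt, ITERATIONS)
    return "%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def matches(password, entry):
    """Re-derive the candidate with the entry's own salt and cost, then compare."""
    iterations, salt_hex, hash_hex = entry.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def is_reused(password, history):
    """True if the candidate equals any password still in the history."""
    return any(matches(password, entry) for entry in history)


def record(password, history):
    """Append the accepted password and keep only the newest HISTORY_DEPTH."""
    return (history + [make_entry(password)])[-HISTORY_DEPTH:]


if __name__ == "__main__":
    history = []
    for pw in ["constructed-1", "constructed-2"]:   # constructed sample input
        history = record(pw, history)
    print(is_reused("constructed-1", history))
    print(is_reused("never-used", history))
```

The history entries are still password-equivalent material, so whatever file holds them needs the same access restrictions as the system's own password database.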