On Dec 27, 2011, at 3:54 PM, Jeffrey Walton wrote:
> Hi All,
>
> We're bouncing around ways to enforce non-similarity in passwords over
> time: password1 is too similar to password2 (and similar to
> password3, etc).
>
> I'm not sure it's possible with one way functions and block cipher residues.
>
> Has anyone ever implemented a system to enforce non-similarity business rules?
Create a Bloom filter for passwords. When a password is set, create many
obvious variants -- add a period, add a digit, increment a digit, etc. -- and
enter the whole set into the Bloom filter. At password change time, see if
the new password is in the Bloom filter.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
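
A sketch of the Bloom-filter scheme described in the reply above, added here as an illustration and not code from the thread. The filter size, the number of hash positions, the HMAC keying with a per-user secret, and all names are assumptions; a Bloom filter can wrongly reject an unrelated password but never misses a stored variant.

```python
import hashlib
import hmac

M_BITS = 1 << 16   # filter size in bits (assumed value)
K_HASHES = 4       # bit positions set per entry (assumed value, max 8 here)
DIGITS = "0123456789"

def variants(pw):
    """The password itself plus the obvious variants named in the post."""
    out = {pw, pw + "."}                      # add a period
    out.update(pw + d for d in DIGITS)        # add a digit
    for i, ch in enumerate(pw):
        if ch in DIGITS:
            # increment a digit (from the post); decrement is an added extension
            for step in (1, -1):
                out.add(pw[:i] + str((int(ch) + step) % 10) + pw[i + 1:])
    return out

class PasswordHistoryFilter:
    """Per-user Bloom filter over past passwords and their variants."""

    def __init__(self, key, m_bits=M_BITS, k=K_HASHES):
        self.key, self.m, self.k = key, m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, pw):
        # Derive k bit positions from one keyed digest, 4 bytes per position.
        d = hmac.new(self.key, pw.encode("utf-8"), hashlib.sha256).digest()
        return [int.from_bytes(d[4 * i:4 * i + 4], "big") % self.m
                for i in range(self.k)]

    def _add(self, pw):
        for p in self._positions(pw):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, pw):
        return all(self.bits[p // 8] & (1 << (p % 8))
                   for p in self._positions(pw))

    def remember(self, pw):
        """Call when a password is set: store it and every variant."""
        for v in variants(pw):
            self._add(v)

    def change_allowed(self, new_pw):
        """Call at password change time: False if new_pw may be in the filter."""
        return new_pw not in self
```

Only the bit array is stored, never the variants themselves, and `remember` is called while the plaintext is available at set time.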