From: Jeffrey Walton <[email protected]>
To: Randombit List <[email protected]>
Sent: Tue, 27 Dec 2011 15:54:35 -0500 (EST)
Subject: [cryptography] Password non-similarity?

>Hi All,
>We're bouncing around ways to enforce non-similarity in passwords over time: password1 is too similar to password2 (and similar to password3, etc).
>I'm not sure it's possible with one way functions and block cipher residues.
>Has anyone ever implemented a system to enforce non-similarity business rules?

You are going to run into massive resistance from the user base, almost all of whom have been told of the organization's "Change your password every X days" rule, and almost the same number of whom have been told "Just pick a password you'll remember, like your dog's name, and then when you have to change it, just add a 1 on the end."

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
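
One way to approach the question in this thread when only salted one-way hashes of old passwords are kept, given as an added example that is not from either poster: at change time, derive the near neighbours of the proposed password (here only the trailing-number habit the reply describes) and test each against the stored history. The function names, PBKDF2 parameters and sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 10_000  # assumption: kept low so the example runs quickly

def hash_password(password, salt=None):
    """Return (salt, digest), the form a password-history entry is stored in."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def variants(candidate, span=3):
    """Strings an earlier password would have been if the candidate was made
    by appending a number to it or bumping its trailing number."""
    base, digits = re.fullmatch(r"(.*?)(\d*)", candidate, flags=re.S).groups()
    out = {candidate, base}
    if digits:
        n = int(digits)
        for k in range(max(0, n - span), n + span + 1):
            out.add(base + str(k))                     # Rover2 -> Rover1
            out.add(base + str(k).zfill(len(digits)))  # Spot08 -> Spot07
    else:
        out.update(base + str(k) for k in range(10))   # Rover -> Rover1
    out.discard("")
    return out

def too_similar(candidate, history, span=3):
    """True if the candidate or one of its variants matches a stored hash.
    Cost is len(variants) * len(history) hash computations per check."""
    for salt, stored in history:
        for guess in variants(candidate, span):
            _, digest = hash_password(guess, salt)
            if hmac.compare_digest(digest, stored):
                return True
    return False

if __name__ == "__main__":
    # Constructed sample history: only salts and digests are retained.
    history = [hash_password("Rover"), hash_password("Rover1")]
    for new in ("Rover2", "Rover", "correct horse battery"):
        print(new, "->", "rejected" if too_similar(new, history) else "accepted")
```

This only catches the transformations it enumerates; a direct edit-distance comparison is possible just for the current password, which the user types in plaintext during the change.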
