How to implement a safe password history

Posted by Lorenzo on Programmers See other posts from Programmers or by Lorenzo
Published on 2012-11-27T15:19:16Z Indexed on 2012/11/27 17:19 UTC
Read the original article Hit count: 336

Filed under:
|

Passwords shouldn't be stored in plain text for obvious security reasons: you have to store hashes, and you should also generate the hash carefully to avoid rainbow table attacks.

However, usually you have the requirement to store the last n passwords and to enforce minimal complexity and minimal change between the different passwords (to prevent the user from using a sequence like Password_1, Password_2, ..., Password_n). This would be trivial with plain text passwords, but how can you do that by storing only hashes?

In other words: how it is possible to implement a safe password history mechanism?

© Programmers or respective owner

Related posts about security

Related posts about passwords