[cryptography] Password non-similarity?
smb at cs.columbia.edu
Tue Dec 27 16:11:50 EST 2011
On Dec 27, 2011, at 3:54 PM, Jeffrey Walton wrote:
> Hi All,
> We're bouncing around ways to enforce non-similarity in passwords over
> time: password1 is too similar to password2 (and similar to
> password3, etc).
> I'm not sure it's possible with one way functions and block cipher residues.
> Has anyone ever implemented a system to enforce non-similarity business rules?
Create a Bloom filter for passwords. When a password is set, create many
obvious variants -- add a period, add a digit, increment a digit, etc. -- and
enter the whole set into the Bloom filter. At password change time, see if
the new password is in the Bloom filter.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
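
The scheme described in the reply above, sketched as an added example that is not part of the original post or the author's own code. The HMAC key (standing in for a per-user secret), the filter size, the hash count and the exact variant rules are assumptions made for illustration.

```python
import hashlib
import hmac


class BloomFilter:
    def __init__(self, key: bytes, m_bits: int = 4096, k: int = 7):
        self.key, self.m, self.k = key, m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, item: str):
        # Derive k bit positions from one keyed digest (double hashing).
        d = hmac.new(self.key, item.encode(), hashlib.sha256).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd step, so positions differ
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8))
                   for p in self._positions(item))


def variants(pw: str) -> set[str]:
    """The password plus the obvious variants named in the post (assumed rules)."""
    out = {pw, pw + "."}                          # add a period
    out.update(pw + str(d) for d in range(10))    # add a digit
    for i, ch in enumerate(pw):                   # increment a digit
        if ch in "0123456789":
            out.add(pw[:i] + str((int(ch) + 1) % 10) + pw[i + 1:])
    return out


def record_password(bf: BloomFilter, pw: str) -> None:
    # Called when a password is set: only filter bits are kept, not the strings.
    for v in variants(pw):
        bf.add(v)


def is_too_similar(bf: BloomFilter, candidate: str) -> bool:
    # Called at password change time. No false negatives; rare false positives.
    return candidate in bf


if __name__ == "__main__":
    bf = BloomFilter(key=b"constructed-per-user-key")  # constructed sample key
    record_password(bf, "Winter2011")                  # constructed sample password
    print(is_too_similar(bf, "Winter2012"), is_too_similar(bf, "unrelated phrase"))
```

A false positive only rejects an acceptable new password, so the filter size and hash count can be tuned against how many variants are stored per change.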