[cryptography] Password non-similarity?

Nico Williams nico at cryptonector.com
Tue Dec 27 17:26:34 EST 2011


I'm assuming that at password change new password policy evaluation
time you have both the old and new passwords, in which case you can
use Optimal String Alignment Distance for at least that pair of
passwords.  If you have only one password you can try a cookbook of
transformations that users might apply to their passwords, and then
there's Professor Bellovin's Bloom filter suggestion.  If you have
only a history of password hashes and no actual passwords and you want
to determine similarity, well, you're fortunately out of luck.

Nico
--


