Some password policies require that password changes be "sufficiently different" from past passwords. For example (neglecting other complexity criteria), if your password had been "Robin" at some past time you might not be allowed to change it to "Robert".
How is this accomplished? Does it involve retaining passwords as plaintext or decryptable cyphertext? How does that avoid introducing a security weakness comparable to that of past-password similarity?
My "understanding" (to use the term generously) is that actual passwords are not generally stored by the authenticator for comparison at authentication time. The authenticator stores a hashed version of the password, an encryption that is easy to form from the password but difficult to invert to find a string that will encrypt to the same "hash". An applicant need never offer the plaintext password to the authenticator; he can prove he knows the plain password by forming the hash to offer (over suitably encrypted channel) to the authenticator.
It seems to me that implies it's difficult to determine similarity of two plaintext passwords from their hashes, and that slightly modified plaintext passwords will generally produce very different hashes. That would imply that a new-password validator would have to store actual passwords to test for similarity.
Doesn't that defeat the whole point of one-way (non-invertible) password encryption?
Is that offset by confining the new-password validation function to a more tightly secured trusted system?
I am but an egg.
How is this accomplished? Does it involve retaining passwords as plaintext or decryptable cyphertext? How does that avoid introducing a security weakness comparable to that of past-password similarity?
My "understanding" (to use the term generously) is that actual passwords are not generally stored by the authenticator for comparison at authentication time. The authenticator stores a hashed version of the password, an encryption that is easy to form from the password but difficult to invert to find a string that will encrypt to the same "hash". An applicant need never offer the plaintext password to the authenticator; he can prove he knows the plain password by forming the hash to offer (over suitably encrypted channel) to the authenticator.
It seems to me that implies it's difficult to determine similarity of two plaintext passwords from their hashes, and that slightly modified plaintext passwords will generally produce very different hashes. That would imply that a new-password validator would have to store actual passwords to test for similarity.
Doesn't that defeat the whole point of one-way (non-invertible) password encryption?
Is that offset by confining the new-password validation function to a more tightly secured trusted system?
I am but an egg.
via JREF Forum http://ift.tt/1p6JqKt
Aucun commentaire:
Enregistrer un commentaire