On 11/02/2010 09:58 PM, Mark Allums wrote:
On 11/2/2010 9:40 PM, Jesús M. Navarro wrote:
Hi, lee:
On Tuesday 02 November 2010 21:26:54 lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
[snip]
The way to do it is to have a record in your password db of the
hashes of each user's last N passwords.
Not a serious expert, but: Bad policy? (Keeping unnecessary
histories of *anything* would tend to weaken security. Wouldn't it?)
The key words are "unnecessary" and "history".
a) Yes, it's necessary.
b) You do *not* keep a history of the *passwords*. You keep a
history of the one-way *hashes*.
--
Seek truth from facts.
Archive: http://lists.debian.org/4cd0ebb2.4010...@cox.net
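
The scheme described in the thread (keep one-way hashes of each user's last N passwords, never the passwords themselves), as an added example that is not part of the original messages. The class and function names, the PBKDF2 parameters and N = 3 are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from collections import deque

ITERATIONS = 100_000   # assumed work factor for this sketch
HISTORY_LEN = 3        # the "N" from the thread; the value is an assumption


def _hash(password: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow hash of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """Holds only (salt, hash) pairs for a user's last N passwords."""

    def __init__(self, n: int = HISTORY_LEN):
        self._entries = deque(maxlen=n)  # oldest entry falls off automatically

    def was_used(self, candidate: str) -> bool:
        # Every entry has its own salt, so the candidate is re-hashed once
        # per stored entry and compared in constant time.
        found = False
        for salt, digest in self._entries:
            if hmac.compare_digest(_hash(candidate, salt), digest):
                found = True
        return found

    def change_password(self, new_password: str) -> bool:
        """Record the new password's hash unless it repeats a recent one."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, _hash(new_password, salt)))
        return True

    def stored(self):
        """What someone reading the table would see: salts and digests only."""
        return list(self._entries)
```

Because each entry is salted and hashed, the check can only detect exact reuse of one of the last N passwords; it cannot tell that a new password is merely similar to an old one.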