
Re: minimum number of days between password change



On 11/2/2010 11:57 PM, Ron Johnson wrote:
On 11/02/2010 09:58 PM, Mark Allums wrote:
On 11/2/2010 9:40 PM, Jesús M. Navarro wrote:
Hi, lee:

On Tuesday 02 November 2010 21:26:54 lee wrote:
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
[snip]

The way to do it is to have a record in your password db of the
hashes of each user's last N passwords.

Not a serious expert, but: Bad policy? (Keeping unnecessary
histories of *anything* would tend to weaken security. Wouldn't it?)


The key words are "unnecessary" and "history".

a) Yes, it's necessary.
b) You do *not* keep a history of the *passwords*. You keep a
history of the one-way *hashes*.


I know it is the hashes. Everything leaves tracks. It's not the passwords that might be compromised, it's the privacy. I expect this is an example of extreme paranoia, but still...

An unrelated example: Incognito mode (AKA, porn mode) of Google Chrome. Forensic researchers have published articles about how much they found out about the user even after they used the "secure" mode.

You can't reverse the hash, but a pattern in the history file might tell someone something you don't want them to know. Granted, you could keep the history with root as owner, and if you are rooted, well, you already have big problems, but isn't one of the first things the black hats do when they gain access to look for information for further compromises?

No system is perfect, but I like simplicity. Less to go wrong.
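As an added illustration of the scheme described earlier in the thread (keeping only one-way hashes of each user's last N passwords and refusing reuse), here is an example that is not code from any of the posters. It assumes an in-memory per-user history, a depth of 5, and PBKDF2-HMAC-SHA256 with a per-entry random salt; the depth and iteration count are arbitrary choices for the example, not values from the thread.

```python
import hashlib
import hmac
import os
from collections import deque
from typing import Optional, Tuple

HISTORY_DEPTH = 5           # N: how many previous passwords to remember (assumed)
PBKDF2_ITERATIONS = 100_000 # work factor (assumed for the example)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) using PBKDF2-HMAC-SHA256.

    A fresh random salt is drawn when none is given, so two identical
    passwords produce different stored digests and the history itself
    reveals nothing about which entries were the same password.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class PasswordHistory:
    """Per-user ring buffer of (salt, digest) pairs for the last N passwords.

    Cleartext passwords are never stored; only the one-way hashes are kept,
    and the oldest entry is dropped once the buffer is full.
    """

    def __init__(self, depth: int = HISTORY_DEPTH) -> None:
        self.entries = deque(maxlen=depth)

    def was_used(self, candidate: str) -> bool:
        """True if candidate matches any remembered hash (constant-time compare)."""
        for salt, digest in self.entries:
            _, cand_digest = hash_password(candidate, salt)
            if hmac.compare_digest(cand_digest, digest):
                return True
        return False

    def record(self, password: str) -> None:
        """Append the hash of a newly accepted password."""
        self.entries.append(hash_password(password))


def change_password(history: PasswordHistory, new_password: str) -> bool:
    """Accept the change only if the password is not among the last N used."""
    if history.was_used(new_password):
        return False
    history.record(new_password)
    return True


if __name__ == "__main__":
    h = PasswordHistory(depth=3)
    for pw in ("first", "first", "second", "third", "fourth", "first"):
        print(f"{pw!r}: {'accepted' if change_password(h, pw) else 'rejected (recently used)'}")
```

Because each history entry carries its own salt, checking a candidate means re-hashing it once per entry, which is the cost of not letting equal digests leak that two old passwords were identical. Once more than N changes have happened, the oldest hash is evicted and that password becomes acceptable again.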