[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] password history

Don't forget the salt... (asuming classic Unix passwd storing mechanism) or newer mechanisms.

Just try to change the password twice and look at it.


suse@xxxxxxxxxxxx wrote:
What about storing the **encrypted** passwords in a database, such as mysql, with a column indicating when it was first stored there? Then you can write a script to check the validity of the password.


In theory, theory and practice are the same;
in practice they are not.

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here