On Dec 27, 2011, at 3:54 PM, Jeffrey Walton wrote:
> Hi All,
>
> We're bouncing around ways to enforce non-similarity in passwords over
> time: password1 is too similar to password2 (and similar to
> password3, etc).
>
> I'm not sure it's possible with one way functions and block cipher residues.
>
> Has anyone ever implemented a system to enforce non-similarity business rules?

Create a Bloom filter for passwords. When a password is set, create many obvious variants -- add a period, add a digit, increment a digit, etc. -- and enter the whole set into the Bloom filter. At password change time, see if the new password is in the Bloom filter.

--Steve Bellovin, https://www.cs.columbia.edu/~smb
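
The scheme described in the reply above, as an added example that is not part of the original message. The names PasswordBloom, variants and set_password, the filter size, the extra variants beyond those the reply lists, and the use of HMAC under a per-user key to derive bit positions are all assumptions made for illustration.

```python
import hashlib
import hmac


class PasswordBloom:
    """Per-user Bloom filter of past passwords and their obvious variants."""

    def __init__(self, key: bytes, m_bits: int = 1 << 16, k: int = 7):
        self.key, self.m, self.k = key, m_bits, k   # key: assumed per-user secret
        self.bits = bytearray(m_bits // 8)

    def _indexes(self, item: str):
        # Double hashing: index_i = h1 + i*h2 (mod m), both from one keyed digest.
        d = hmac.new(self.key, item.encode("utf-8"), hashlib.sha256).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1     # odd, so it cycles through m
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for i in self._indexes(item):
            self.bits[i // 8] |= 1 << (i % 8)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[i // 8] & (1 << (i % 8)) for i in self._indexes(item))


def variants(pw: str) -> set:
    """The password plus the variants named in the reply, and a few similar ones."""
    out = {pw, pw + ".", pw + "!"}                  # add a period (or "!")
    out.update(pw + d for d in "0123456789")        # add a digit
    for pos, ch in enumerate(pw):
        if ch in "0123456789":                      # increment / decrement a digit
            for step in (1, -1):
                out.add(pw[:pos] + str((int(ch) + step) % 10) + pw[pos + 1:])
    if pw and pw[-1] in ".!0123456789":             # drop a trailing suffix
        out.add(pw[:-1])
    out.update((pw.swapcase(), pw.capitalize()))    # simple case changes
    return out


def set_password(bloom: PasswordBloom, pw: str) -> bool:
    """Reject pw if it is (probably) in the filter; otherwise record it."""
    if pw in bloom:
        return False
    for v in variants(pw):
        bloom.add(v)
    return True
```

A Bloom filter never misses an entry it holds but can report one it does not, so a small fraction of unrelated new passwords will be rejected; the rate depends on the filter size and how many variants are stored.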