Re: Storing passwords in a database


"Thomas Mueller" <nospam@xxxxxxxxxxxx> wrote
...
4. ... and lastly that it isn't one of the last n passwords the user
had (by comparing it to the hashes of these, see step 5), if it doesn't
qualify, exit
5. Store the hash of the old password so it will be available for step
4 in the future
...

Thomas, Thanks for reminding me of the need for step 5. Rgds, JohnH

.

Relevant Pages

  • Re: cracking Y2k DC Admin password
    ... the hashes have been created, they are encrypted with a DES variant ... if you have the SAM file, you should also have taken the system file. ... anyone and you have your passwords. ... >> - rescue in windows folder and backup sam file from it, it has admin ...
    (Pen-Test)
  • Re: Password hashes
    ... There are only two hashes used for storing passwords in the Microsoft ... and there is no dedicated NTLM hash for stored passwords. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Unchangeable passwords
    ... It is difficult to store hashes, ... > If somebody discloses private keys, ... demonstrated, the hard way, that about 10% of the passwords on almost ... urging to my successors to flush the variety of root access means they ...
    (comp.os.linux.security)
  • [TOOL] SQL Server Password Auditing Tool
    ... The hashes are easy to retrieve allthough you need a priviliged account to ... To perform a dictionary attack on the retrieved hashes: ... This will try to brute force the passwords by using the supplied ...
    (Securiteam)
  • Re: overcome NIS
    ... > AFAIK, NIS doesn't transmit passwords over the network, ... It does when changeing passwords (although there are workarounds to this, ... > so each machine can use the hashes to authenticate. ... They need not even sniff the wire for this ...
    (comp.os.linux.security)