Password previously used ideas?



Hi Folks,

This is more for an intellectual exercise. It's not a difficult problem but it might be interesting to find out different solutions.

So you have users, and they have passwords, stored in SHA1. You have a policy which forces users to change their passwords every month or so. So how to prevent them using two passwords and interchanging them? But they must be able to reuse a password eventually.

I thought a separate db field to which old passwords are appended with a separator, such as _. If the total instances of _ exceed 6, whenever a password is appended, the first one is removed. Then all you do is a substring search to find out if the new password is in this string, and reject it if it is.

But is there a neater way?
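One way to build the history check described in the post, as an added example that is not part of the original post. It swaps the single SHA1 string and substring search for a list of individually salted PBKDF2 hashes, so the candidate password is re-derived against every stored entry. The depth of 6 comes from the post; the function names, storage format and iteration count are assumptions.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 6      # from the post: keep at most 6 previous passwords
ITERATIONS = 100_000   # assumed PBKDF2 work factor; tune for your hardware


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' (hypothetical storage format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def matches(password, stored):
    """Re-derive the hash with the entry's own salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def was_used(password, history):
    """True if the password matches any entry in the history list.

    The list comprehension checks every entry before any() runs, so the
    time taken does not depend on which slot (if any) matched.
    """
    return any([matches(password, entry) for entry in history])


def change_password(history, new_password):
    """Return the updated history, or raise ValueError on recent reuse.

    The newest entry (last in the list) is the current password; the oldest
    entry is dropped once the list exceeds HISTORY_DEPTH, which is what lets
    a password become reusable eventually.
    """
    if was_used(new_password, history):
        raise ValueError("password was used recently")
    return (history + [hash_password(new_password)])[-HISTORY_DEPTH:]
```

Storing the history as one row per entry (or a JSON array) instead of a separator-joined string keeps the trimming logic to a single slice.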