Useful Links
SMBlog
RSS feed RSS icon
About this blog
About me
Archives of Dave Farber's IP list
Archives of RISKS Digest
The Legal Information Institute at Cornell University
Thinking Security
Firewalls and Internet Security: Repelling the Wily Hacker
The Electronic Frontier Foundation
The Tor Project
The Center for Democracy and Technology
Freedom to Tinker blog
Bruce Schneier's blog
Matt Blaze's blog
Matthew Green's A Few Thoughts on Cryptographic Engineering
Krebs on Security
December 2011
Lessons from Suppressing Research (25 December 2011)
Weird Idea of the Day (27 December 2011)
Weird Idea of the Day -- Analysis (28 December 2011)
Recent Posts
Brief Notes on Computer Word and Byte Sizes (7 March 2023
In Memoriam: Frederick P. Brooks, Jr. --- Personal Recollections (18 November 2022
Attacker Target Selection (5 July 2021
Where Did "Data Shadow" Come From? (26 June 2021
Vaccine Scheduling, APIs, and (Maybe) Vaccination Passports (2 April 2021
Security Priorities (25 February 2021
Covid-19 Vaccinations, Certificates, and Privacy (13 August 2020
Hot Take on the Twitter Hack (15 July 2020
Trust Binding (11 June 2020
Facebook, Abuse, and Metadata (24 May 2020
Archive
2007 (43)
2008 (39)
2009 (21)
2010 (15)
2011 (16)
2012 (14)
2013 (6)
2014 (16)
2015 (14)
2016 (6)
2017 (17)
2018 (16)
2019 (17)
2020 (15)
2021 (4)
2022 (1)
2023 (1)
 
Full Index
Tag Index

Weird Idea of the Day

27 December 2011

On a cryptography mailing list, someone asked how to check for "similar" passwords if all that was stored was a hashed value. The goal, of course, is to prevent people from doing things like adding a period, incrementing a digit, etc. Partly in jest, I suggested publishing the old password when a new one is set. That would also discourage people from using the same password for multiple services.

It’s an evil idea, of course — but now I’m wondering if it might actually make sense…

Tags: security
https://www.cs.columbia.edu/~smb/blog/2011-12/2011-12-27.html