[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: md5 hashing on passwords?



Steve Langasek wrote:
> My only concern with this function is that it would still treat (e.g) two
> 128-character passwords with good randomization as too similar if they
> contained the same set of characters.  Still, the proposed change is certainly
> a far sight better than what we currently have, and I don't know of a simple
> way to check if two passwords are too similar (or even a simple way to
> /define/ if they're too similar), so I'm not going to worry too much about it.
> :)

What still concerns me is that a password like:

 thequickbrownfoxjumpsoverthelazydog

would be hard to replace, since this check would basically match most of
any conventional replacment. Any ideas on that?

Cheers

Andrew





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []