Jacobs Apprentice
Joined: 29 Apr 2003 Posts: 174 Location: Czech Republic
Posted: Thu Aug 18, 2005 7:30 pm Post subject: cracklib difok question
Hi, I was just reading through the Gentoo Security Handbook, and in the chapter about PAM and cracklib it says:
Quote: which will ensure that the user passwords are ... more than 3 characters different from the last password
http://www.softpanorama.org/Authentication/password_crackers.shtml provides the following description:
Quote: difok=n This represents the number of characters in the new password that must be different from the old password. The default is 10. Regardless of this limit, however, any new password that has at least half the characters different from the old will be accepted.
I'd like to ask, how does cracklib do this (I'm not skilled enough to read the actual code)?
Does it store the plaintext of the previous password? (that'd be quite a security risk)
Or does the crypt/md5 function allow such functionality? (I doubt that)
I'd bet on some cryptographic technique, but I don't have a clue what would allow such a thing... Maybe some trick with a polynomial function?
I'm very curious.
Thanks for any hint.
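The difok rule as the quoted description words it, written out as an added example; it is not part of the original post and not pam_cracklib's own code. Assumptions: "different" means characters of the new password that occur nowhere in the old one, both passwords are handed to the check as plaintext strings, and the function names and sample passwords are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count characters of new_pw that do not occur anywhere in old_pw.
 * Assumption: "different" is judged by character membership, not position. */
static size_t chars_not_in_old(const char *old_pw, const char *new_pw)
{
    size_t diff = 0;
    for (const char *p = new_pw; *p != '\0'; p++) {
        if (strchr(old_pw, *p) == NULL)
            diff++;
    }
    return diff;
}

/* Return 1 if new_pw passes the difok rule as quoted, 0 if it is too similar.
 * Rule 1: at least difok characters differ from the old password.
 * Rule 2: regardless of difok, at least half of the characters differ. */
int difok_accepts(const char *old_pw, const char *new_pw, size_t difok)
{
    size_t len = strlen(new_pw);
    size_t diff = chars_not_in_old(old_pw, new_pw);

    if (len == 0)
        return 0;               /* an empty password is never accepted */
    if (diff >= difok)
        return 1;               /* rule 1 */
    if (diff * 2 >= len)
        return 1;               /* rule 2: the "half the characters" escape */
    return 0;
}

int main(void)
{
    /* Constructed sample passwords, not taken from any real system. */
    const char *old_pw = "Winter2004!";
    const char *candidates[] = { "Winter2005!", "Summer2005!", "xkcd#9Qz" };
    const size_t difok = 10;    /* the default named in the quoted description */

    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        printf("%-12s differing=%zu -> %s\n", candidates[i],
               chars_not_in_old(old_pw, candidates[i]),
               difok_accepts(old_pw, candidates[i], difok) ? "accepted" : "too similar");
    }
    return 0;
}
```

The third candidate is shorter than difok yet still passes, which is the "at least half the characters" exception from the quoted text.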