On Jan 12, 2008 9:17 PM, Carl-Daniel Hailfinger <<a href="mailto:c-d.hailfinger.devel.2006@gmx.net">c-d.hailfinger.devel.2006@gmx.net</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
If the system notices that passwords<br>are similar, there's at least some chance one guy knows another guy who<br>then tells someone in upper management that if the system is able to<br>find similarities between passwords, they surely are not stored with a
<br>cryptographically secure hash function.</blockquote><div><br>Not true, since most users are required to enter the old password before changing their password.<br><br>Now if it were to notice that the password you are using now was the same as 6 months ago (assuming change every month) that _would_ indicate poor security.
<br><br>-ffm<br></div></div><br>