Weird Idea of the Day

27 December 2011

On a cryptography mailing list, someone asked how to check for "similar" passwords if all that was stored was a hashed value. The goal, of course, is to prevent people from doing things like adding a period, incrementing a digit, etc. Partly in jest, I suggested publishing the old password when a new one is set. That would also discourage people from using the same password for multiple services.

It’s an evil idea, of course — but now I’m wondering if it might actually make sense…
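One way to approach the mailing-list question without publishing anything, as an added example that is not from this post or the list discussion: when a password is changed the server briefly holds the new password in cleartext, so it can hash small edits of it with the old salt and compare each against the stored hash. PBKDF2, the particular set of edits, the work factor and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import re

ITERATIONS = 20_000  # example work factor (assumption); use the store's real setting

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash standing in for whatever the password store uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def near_variants(password: str) -> set:
    """Strings one small edit away from `password`."""
    out = set()
    for i, ch in enumerate(password):
        head, tail = password[:i], password[i + 1:]
        out.add(head + tail)                    # drop one character (undoes an added period)
        out.add(head + ch.swapcase() + tail)    # flip the case of one letter
    for m in re.finditer(r"[0-9]+", password):  # step each digit run up or down by one
        for n in (int(m.group()) - 1, int(m.group()) + 1):
            if n >= 0:
                # keep both the plain and the zero-padded spelling (10 -> "9" and "09")
                for digits in (str(n), str(n).zfill(len(m.group()))):
                    out.add(password[:m.start()] + digits + password[m.end():])
    out.discard(password)
    return out

def is_similar_to_old(new_password: str, salt: bytes, old_hash: bytes) -> bool:
    """True if the new password, or a near variant of it, hashes to the old stored value."""
    candidates = {new_password} | near_variants(new_password)
    return any(hmac.compare_digest(hash_password(c, salt), old_hash) for c in candidates)

if __name__ == "__main__":
    salt = b"constructed-salt"                  # constructed sample data
    stored = hash_password("Winter2011", salt)  # all the server keeps of the old password
    for attempt in ("Winter2011.", "Winter2012", "winter2011", "tr0ub4dor&3"):
        verdict = "rejected" if is_similar_to_old(attempt, salt, stored) else "accepted"
        print(attempt, "->", verdict)
```

The check only catches the edits it enumerates, and every candidate costs one full slow hash, so the variant set has to stay small.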

Tags: security
https://www.cs.columbia.edu/~smb/blog/2011-12/2011-12-27.html