
It does, because if the new password is similar to the old one, you can either modify the old one to get the new one or modify the new one to get the old one.


But if you have hashed the password correctly (i.e. a one-way hash) you shouldn't know what the previous passwords are. This means that you would only be able to test if the password was the same, not similar.
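The check the first comment describes (modify the new password to get the old one), run against a store that holds only a salted one-way hash as the reply assumes; this is an added example, not part of either comment. The function names, the PBKDF2 parameters, the set of edit characters and the sample passwords are all assumptions made for the illustration.

```python
import hashlib
import hmac
import string

ITERATIONS = 1_000                     # constructed low value so the demo runs fast
EDIT_CHARS = string.digits + "!@#$"    # assumed set of characters users tend to tweak


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted one-way hash; only this output and the salt are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def one_edit_variants(pw: str):
    """Yield pw itself plus every string one small edit away from it."""
    yield pw
    for i in range(len(pw)):
        yield pw[:i] + pw[i + 1:]                       # delete one character
        yield pw[:i] + pw[i].swapcase() + pw[i + 1:]    # toggle case of one character
        for c in EDIT_CHARS:
            yield pw[:i] + c + pw[i + 1:]               # replace one character
    for i in range(len(pw) + 1):
        for c in EDIT_CHARS:
            yield pw[:i] + c + pw[i:]                   # insert one character


def resembles_old(new_password: str, salt: bytes, old_hash: bytes) -> bool:
    """True if the new password, or a one-edit variant of it, hashes to old_hash.

    The old plaintext is never needed: each candidate derived from the new
    password is hashed with the stored salt and compared in constant time.
    """
    return any(
        hmac.compare_digest(hash_password(v, salt), old_hash)
        for v in one_edit_variants(new_password)
    )


# Constructed sample record: what the server would hold for the old password.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
OLD_HASH = hash_password("Summer2023!", SALT)

if __name__ == "__main__":
    for candidate in ("Summer2024!", "summer2023!", "correct horse battery"):
        print(candidate, resembles_old(candidate, SALT, OLD_HASH))
```

Each check costs one hash per candidate (a few hundred here), so the work factor of the hash bounds how wide an edit neighbourhood can be tested at password-change time.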



