|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
password aging
Adam Shostack (adam
weathership.homeport.org)
Tue, 18 Aug 1998 17:57:23 -0400
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: HASSAN.KARIMchase.com: "Re: Denial of service"
- Previous message: Steve Bellovin: "Re: Brute force attacks"
- Next in thread: Steve Bellovin: "Re: password aging"
- Maybe reply: Steve Bellovin: "Re: password aging"
- Maybe reply: HASSAN.KARIMchase.com: "Re: password aging"
- Reply: Rick Smith: "Re: password aging"
- Maybe reply: H. Morrow Long: "Re: password aging"
- Maybe reply: John McDermott: "Re: password aging"
- Maybe reply: Paul McNabb: "Re: password aging"
- Maybe reply: Paul McNabb: "Re: password aging"
Various people assert that its a good idea to maintain a
history of user passwords so that they can't change their password to
a previous password. However, I'm having trouble finding a reference
to this in the literature that examines the issue of how many
passwords to save and why. The lime green book (password management)
says not to let the user use their previous password, but doesn't go
into storing a history.
Does anyone know of a paper on, or that discusses, this topic,
and how or why to pick various values of N?
Adam
- Next message: HASSAN.KARIMchase.com: "Re: Denial of service"
- Previous message: Steve Bellovin: "Re: Brute force attacks"
- Next in thread: Steve Bellovin: "Re: password aging"
- Maybe reply: Steve Bellovin: "Re: password aging"
- Maybe reply: HASSAN.KARIMchase.com: "Re: password aging"
- Reply: Rick Smith: "Re: password aging"
- Maybe reply: H. Morrow Long: "Re: password aging"
- Maybe reply: John McDermott: "Re: password aging"
- Maybe reply: Paul McNabb: "Re: password aging"
- Maybe reply: Paul McNabb: "Re: password aging"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:40 CDT