4

I stumbled across this question earlier and it got me thinking. Everyone's encountered systems that require you to change your password every x days and not reuse any of your last y passwords. This kind of thing has always left me vaguely unsettled -- how are the old passwords stored? Shouldn't old passwords be deleted entirely? Isn't it insecure not to?

Is there something that I'm missing or forgetting to think about here?

thepocketwade

1 Answer

7

Passwords can be stored using hashes that don't store the password, but a number that represents the password. The hash typically cannot be turned back into the password so there is very little chance that a security compromise will net anyone the original password. For example, a simple hash might assign A=1 B=2 C=3, etc... and then sum up all of the values for the corresponding letters in the password. If you've used that password before, the hash will always match, but there's no way to get the original password by knowing the hash.

Thus, it is certainly possible to know whether a password was used previously without actually knowing what the password was. Whether or not any particular web site uses this method, however... you can't be sure.

EDIT - note that the example above is exceedingly simple, only meant to convey the concept of a hash. This is NOT how you should compute a hash in the real world, not least because of the prevalence of passwords that would yield the same hash.

EDIT 2 - a better link might be http://en.wikipedia.org/wiki/Cryptographic_hash_function, which describes hashes in the context of cryptography. The previous link to hashes talks about them more in the context of grouping data, which they can also be used for.

Michael Bray
    But couldn't the original password be discovered using rainbow tables? Or am I misunderstanding how rainbow tables work? – thepocketwade Feb 09 '10 at 18:22
  • Not if the hash is computed using a decent-sized salt value... See the section 'Defenses...' at http://en.wikipedia.org/wiki/Rainbow_table#Defense_against_rainbow_tables. I mean theoretically they still could, but it would require MASSIVE amounts of processing and memory capacity. – Michael Bray Feb 09 '10 at 18:30
  • Theoretically, rainbow tables can reverse password hashes. But theoretically, massively parallel computers could brute-force them too. (Rainbow tables are just pre-computed password-to-hash calculations.) There's a difference between "theoretically" and the real world. – David Mackintosh Feb 09 '10 at 18:31
  • 1
    Most hashes include a salt (see http://en.wikipedia.org/wiki/Salt_%28cryptography%29) which makes it harder for rainbow tables to work. Also read here: http://en.wikipedia.org/wiki/Rainbow_table#Defense_against_rainbow_tables - RTs ain't infallible. A password can also be brute-forced for sure but that's where a good account lockout policy would help. – Maximus Minimus Feb 09 '10 at 18:33
  • 1
    @thepocketwade, the old password possibly could be discovered with rainbow tables depending on the salt/hash method, but that isn't the point. The old passwords are protected the same way the current passwords are protected. If you are going to attack a system, why would you spend time cracking expired/old passwords, since you would have access to the current ones? – Zoredache Feb 09 '10 at 18:34
  • @zoredache that assumes the same protection is used on the old passwords. That's probably not an absurd assumption (for most places), but if it's wrong it would hurt. – thepocketwade Feb 09 '10 at 18:36
  • If using a rainbow table, the past passwords help crack the salt. But it's a moot point because your system was hacked... you have bigger problems. – Brian Leahy Feb 09 '10 at 20:56
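The mechanism the answer describes (keep only hashes of the last y passwords and compare a candidate against them) together with the per-entry salting discussed in the comments, as an added example that is not code from the original question, answer or comments. Assumptions made here: PBKDF2-HMAC-SHA256 from the Python standard library as the slow hash, a fresh random 16-byte salt for every stored entry, and a history kept as a list of (salt, digest) pairs with the current password first. The `Account`, `hash_password`, `matches` and `toy_hash` names are illustrative. Because every entry carries its own salt, the candidate has to be rehashed under each stored salt; there is no single "hash of the password" to look up, which is also why a precomputed rainbow table built for one salt does not transfer to the others.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed example, not the original poster's code.
# Assumption: PBKDF2-HMAC-SHA256 as the password hash; the iteration count is
# kept modest so the demo runs quickly and should be raised for real use.
ITERATIONS = 60_000
SALT_BYTES = 16
HISTORY_DEPTH = 5   # the "last y passwords" from the question, current one included

Entry = Tuple[bytes, bytes]   # (salt, digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> Entry:
    """Return (salt, digest). A new random salt is drawn unless one is supplied."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def matches(password: str, entry: Entry) -> bool:
    """Rehash the candidate under the entry's own salt and compare in constant time."""
    salt, stored = entry
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


class Account:
    """Holds only salted hashes; the plaintext of old passwords is never kept."""

    def __init__(self, password: str):
        self.history: List[Entry] = []   # newest first; history[0] is the current password
        self.set_password(password)

    def verify(self, password: str) -> bool:
        """Normal login check against the current password only."""
        return matches(password, self.history[0])

    def was_used_recently(self, password: str) -> bool:
        # Each entry has a distinct salt, so the candidate is rehashed once per entry.
        return any(matches(password, e) for e in self.history[:HISTORY_DEPTH])

    def set_password(self, new_password: str) -> bool:
        """Reject any of the last HISTORY_DEPTH passwords; otherwise rotate the history."""
        if self.was_used_recently(new_password):
            return False
        self.history.insert(0, hash_password(new_password))
        del self.history[HISTORY_DEPTH:]   # entries that fall out of the window are discarded
        return True


def toy_hash(password: str) -> int:
    """The answer's A=1, B=2, C=3 ... letter sum, kept only to show why it collides."""
    return sum(ord(c.upper()) - ord("A") + 1 for c in password if c.isalpha())


if __name__ == "__main__":
    acct = Account("correct horse")
    print("reuse of current rejected:", not acct.set_password("correct horse"))
    print("new password accepted:", acct.set_password("battery staple"))
    print("old password still blocked:", not acct.set_password("correct horse"))
    print("toy hash collides on anagrams:", toy_hash("listen") == toy_hash("silent"))
```

The history check deliberately reuses the same hashing routine as the login check, which is the point made in the comments: the old entries are protected exactly as well as the current one, and no better.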