Password too similar?

by "Lauri Vain" <lauri_lists(at)tharapita.com>

 Date:  Thu, 8 Aug 2002 19:02:47 +0300
 To:  <hwg-techniques(at)hwg.org>
Hi there, 

Perhaps you have sometimes noticed (when you're changing passwords on
some versions of Windows) that it pops up a "Password too similar"
error. That means that the new password you requested was too similar to
a previous password. 

How does Windows compare the entered password with the previous 10
passwords when the old passwords are stored as a one-way hash only?
Will the new password be mutated based on some simple algorithms, then
hashed, and only then compared to old ones (they would have to repeat
the process 1000 times or so to cover the most common variations of a
single password) or is there a smarter approach to it? Mutating the new
password like that wouldn't be all that effective, now would it? So, how
does it work? 

Thanks, 
Lauri
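
The approach the question describes (mutate the new password, hash each variant, compare against the stored history), as an added example that is not part of the original post and is not Windows' actual mechanism. The mutation rules, the PBKDF2 parameters and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 1000  # assumption: kept low so the sketch runs quickly


def hash_password(password, salt):
    """Salted one-way hash, standing in for whatever the real system stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def variants(password):
    """Common mutations of the candidate (hypothetical rule set)."""
    # Split into stem, trailing number and trailing punctuation.
    stem, digits, punct = re.fullmatch(r"(.*?)(\d*)([!?.]*)", password, re.S).groups()
    numbers = {digits, ""}
    if digits:
        n, width = int(digits), len(digits)
        # Neighbouring counters, e.g. 2002 -> 1999..2005, keeping the width.
        numbers.update(str(k).zfill(width) for k in range(max(n - 3, 0), n + 4))
    else:
        numbers.update(str(k) for k in range(10))
    cases = {stem, stem.lower(), stem.upper(), stem.capitalize()}
    return {c + d + p for c in cases for d in numbers for p in (punct, "", "!")}


def too_similar(candidate, history):
    """history holds (salt, hash) pairs only; no old plaintext is available."""
    for salt, stored in history:
        for v in variants(candidate):
            # Each entry has its own salt, so every variant is re-hashed per entry.
            if hmac.compare_digest(hash_password(v, salt), stored):
                return True
    return False


def make_history(passwords):
    """Build a constructed history of salted hashes for the demonstration."""
    entries = []
    for p in passwords:
        salt = os.urandom(16)
        entries.append((salt, hash_password(p, salt)))
    return entries


# Constructed sample history (two previous passwords, stored as hashes only).
HISTORY = make_history(["summer2001", "Winter7!"])
```

The cost is one hash per variant per history entry, and a candidate outside the enumerated rules, such as `Summer-2002` here, is not flagged.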

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA