Password security

Since you've just entered your old password to log in, a site might hold on to that password for comparison -- very briefly -- just until you've completed the password change on the next page. This is a fairly secure principle, and is how the UNIX passwd utility detects too-similar new passwords.

Because it is usually required to ask for the user's current password when changing the password, this approach to similarity-detection can be easily applied in most password-change scenarios.

For completeness, here are some other less likely possibilities:

  1. The site stores your password in plaintext.

  2. The site uses a hash with some kind of weakness that allows for meaningful comparisons (e.g., estimations of the Levenshtein distance) of hashed passwords. If this is the case, it's a substantial weakness, and not much better than storing your password in plaintext.

  3. Alternatively, the password might be stored in a reversible transformation, e.g., encryption. This is not a good way to secure passwords: it opens the possibility of password compromise through key compromise, and it doesn't afford significant benefit because there is no need to make secured password transformations reversible (which is why we typically use hashes).

  4. When you enter a new password, the site hashes a set of minor transformations of your new password to see if any of them match your old password hash. This could possibly be done securely.

    For example, suppose the site knows your old password hash, Q. When you enter a new password p, the site computes hashes of passwords that are very close to p. Supposing your new password is xyzzy, the site might try hashing ayzzy, byzzy, cyzzy, etc., to see if any of them match the old hash Q.

    This seems like a substantial effort, especially if the site is using a hashing algorithm that is well-suited for passwords (i.e., in particular, one that is slow to compute). Thus, even if this case were true, it seems to suggest that the site uses a hashing algorithm poorly suited to securing passwords.

Of course, we can't know which of these possibilities is true -- all of them could easily result in the behavior you describe.


Does this mean the company that manages the website does not store the passwords in a safe manner?

One possible way they could be doing it is by comparing your new password with the old password which you provided on the same (or the previous) page to log on to this website. Note that even though the website stores the hash of the password, your plain text password is submitted to the website every time you log on. For the change password feature, they could save it temporarily in session to do these 'how-far-apart-are-the-passwords' calculation.

If this is how they do it, I don't see any issues with that. However if they are really reversing the passwords by some means, then they are definitely not doing it the right way.

Or is there a way to store the passwords hashed and still be able to figure out that the previous password just differs 1 character from the new one?

No, there is no way to retrieve the plain text password or calculate the plain text length from its hash (given its hashed using a good hashing algorithm and can not be brute forced)

Tags:

Passwords

Password Management

Related

Which signing key should I use for certifying other peoples public keys: master or subkey? How secure is "Secure Keyboard Entry" in Mac OS X's Terminal? Do simple Linux servers really need a non-root user for security reasons? How dangerous is it to allow arbitrary webhook urls to post to? UTF-7 XSS attacks in modern browsers Consider a "zero-knowledge" file host such as mega.co.nz. How can one prevent users to upload unencrypted content? How bad is exposing valid user names? Can anonymizing techniques make you less anonymous? Surveillance: blocking laptop's microphone from spying on you? How can someone go off-web, and anonymise themselves after a life online? How to stay anonymous in public wireless network? Why should double submit CSRF tokens be cryptographically strong random numbers?

Recent Posts