Password systems

May 22, 2008 08:54

I've just had a thought about password systems that place restrictions on whether your password is similar to previous ones.

The very fact that it can tell implies a security vulnerability.

A good password storage system hashes the passwords so that they cannot be snooped. A good hashing algorithm implies no predictable correlation between the hashes of mathematically adjacent inputs.

Given that a good password storage system stores only the non-reversible hash and cannot infer the proximity of two inputs from their two hashes, how is it supposed to tell how close your password is to a previous one?
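
The property described above, as an added example that is not part of the original post: similar and unrelated password pairs are hashed with salted PBKDF2-HMAC-SHA256, and the fraction of differing digest bits is set beside the plaintext edit distance. The salt, iteration count, sample passwords and function names are constructed for this demonstration.

```python
import hashlib

SALT = b"constructed-demo-salt"  # constructed; a real store uses a random per-user salt
ITERATIONS = 1_000               # kept low so the demo runs quickly; not a production value

def stored_hash(password: str, salt: bytes = SALT) -> bytes:
    """What a hash-only password store keeps: a salted PBKDF2-HMAC-SHA256 digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def bit_diff_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions in which two equal-length digests differ."""
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))

def edit_distance(s: str, t: str) -> int:
    """Levenshtein distance between two plaintext passwords."""
    prev = list(range(len(t) + 1))
    for i, cs in enumerate(s, 1):
        cur = [i]
        for j, ct in enumerate(t, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (cs != ct)))
        prev = cur
    return prev[-1]

def compare(old: str, new: str) -> tuple[int, float]:
    """(plaintext edit distance, fraction of stored-hash bits that differ)."""
    return edit_distance(old, new), bit_diff_fraction(stored_hash(old), stored_hash(new))

def mean_hash_distance(pairs) -> float:
    """Average hash-bit difference over a list of (old, new) password pairs."""
    return sum(compare(a, b)[1] for a, b in pairs) / len(pairs)

# Constructed sample passwords: near-identical pairs and unrelated pairs.
SIMILAR = [(f"Summer{n}!", f"Summer{n + 1}!") for n in range(2000, 2064)]
UNRELATED = [(f"Summer{n}!", f"x{n * 7919}-qzv") for n in range(2000, 2064)]

if __name__ == "__main__":
    for old, new in (SIMILAR[0], UNRELATED[0]):
        dist, frac = compare(old, new)
        print(f"{old!r} -> {new!r}: edit distance {dist}, hash bits differing {frac:.1%}")
    print(f"mean over similar pairs:   {mean_hash_distance(SIMILAR):.1%}")
    print(f"mean over unrelated pairs: {mean_hash_distance(UNRELATED):.1%}")
```

Both means come out near 50%, so the distance between two stored hashes carries no signal about how close the plaintexts were.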