12

I was requested at the login page of a website to first change my password. After typing in a new password, the web page told me the new password did not differ enough from the previous one. Does this mean the company that manages the website does not store the passwords in a safe manner? Or is there a way to store the passwords hashed and still be able to figure out that the previous password just differs 1 character from the new one?

AviD
Robert

4 Answers

21

Since you've just entered your old password to log in, a site might hold on to that password for comparison -- very briefly -- just until you've completed the password change on the next page. This is a fairly secure principle, and is how the UNIX passwd utility detects too-similar new passwords.

Because it is usually required to ask for the user's current password when changing the password, this approach to similarity-detection can be easily applied in most password-change scenarios.

For completeness, here are some other less likely possibilities:

  1. The site stores your password in plaintext.

  2. The site uses a hash with some kind of weakness that allows for meaningful comparisons (e.g., estimations of the Levenshtein distance) of hashed passwords. If this is the case, it's a substantial weakness, and not much better than storing your password in plaintext.

  3. Alternatively, the password might be stored in a reversible transformation, e.g., encryption. This is not a good way to secure passwords: it opens the possibility of password compromise through key compromise, and it doesn't afford significant benefit because there is no need to make secured password transformations reversible (which is why we typically use hashes).

  4. When you enter a new password, the site hashes a set of minor transformations of your new password to see if any of them match your old password hash. This could possibly be done securely.

    For example, suppose the site knows your old password hash, Q. When you enter a new password p, the site computes hashes of passwords that are very close to p. Supposing your new password is xyzzy, the site might try hashing ayzzy, byzzy, cyzzy, etc., to see if any of them match the old hash Q.

    This seems like a substantial effort, especially if the site is using a hashing algorithm that is well-suited for passwords (i.e., in particular, one that is slow to compute). Thus, even if this case were true, it seems to suggest that the site uses a hashing algorithm poorly suited to securing passwords.

Of course, we can't know which of these possibilities is true -- all of them could easily result in the behavior you describe.

apsillers
  • Given that the site is bothering to detect insufficient differences between new and old passwords, it seems quite likely that your number 4 may well be the reason. – jah Dec 30 '13 at 21:36
  • Number 4 should be number 1. This is the most likely option. – Ben Dec 31 '13 at 11:47
  • @Ben That is a much better idea; done. – apsillers Dec 31 '13 at 13:04
  • It is also worth noting that it is a reasonable best practice to require the existing password to be re-entered when changing to a new password (confirms user knows existing password and that computer wasn't temporarily used by another user). This would provide both passwords to allow comparisons. – jamiescott Dec 31 '13 at 23:13
  • @jamiescott Added your suggestion with a link to a related Security.SE question. – apsillers Jan 01 '14 at 17:49
  • An excellent and thorough answer! – martinstoeckli Apr 15 '17 at 11:41
3

Does this mean the company that manages the website does not store the passwords in a safe manner?

One possible way they could be doing it is by comparing your new password with the old password which you provided on the same (or the previous) page to log on to this website. Note that even though the website stores the hash of the password, your plain text password is submitted to the website every time you log on. For the change password feature, they could save it temporarily in the session to do this 'how-far-apart-are-the-passwords' calculation.

If this is how they do it, I don't see any issues with that. However if they are really reversing the passwords by some means, then they are definitely not doing it the right way.

Or is there a way to store the passwords hashed and still be able to figure out that the previous password just differs 1 character from the new one?

No, there is no way to retrieve the plain text password or calculate the plain text length from its hash (given it's hashed using a good hashing algorithm and cannot be brute forced).

CodeExpress
0

Hashing is a process where the smallest change gives a completely different result, and is not reversible. The only way that they could compare your old password to your new password would be if they are storing your passwords without being hashed.

This does not mean that they are storing your passwords insecurely: hashing is only one method of secure password storage. Hashed passwords are no guarantee of security anyway; with hash tables and rainbow tables, hashed passwords can be cracked with relative ease. As long as they are stored encrypted and their controls around it are sound, then you are as safe as can be reasonably expected.

It all depends on how well the company in question has developed their product, and that cannot be answered here.

GdD
-1

Chances are, the passwords are encrypted. Depending on the encryption implementation, your password is safe. So, no, given that information, you cannot conclude your passwords are stored in an unsafe manner.

Theoretically, at least, the server can store only the hash. Then, when you come with your new password, they hash variations of your password to see if they hit your original password hash. It's a bit of a stretch, but is certainly possible.

Rubber Duck