Timeline for Why do we ask for a user's existing password when changing their password?
Current License: CC BY-SA 3.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 6, 2023 at 16:18 | comment | added | Isti115 | @FrixosKallenos What you describe is the exact reason why it's necessary to ask the user for the previous password in order to perform the comparison. With just the hash, there would be no meaningful reference. | |
| Jul 28, 2023 at 9:45 | comment | added | Frixos Kallenos | Usually, we use algorithms that produce significant changes with the tiniest difference, for hashing passwords. Ideally, we want around at least a 50% difference in the hash for just 1 bit of change. So I can't see how you could detect the similarity. | |
| Nov 21, 2012 at 21:24 | review | First posts | |||
| Nov 22, 2012 at 15:19 | |||||
| Nov 21, 2012 at 21:04 | history | answered | Stéphane Chazelas | CC BY-SA 3.0 |