Reply to post:

Stop resetting your passwords, says UK govt's spy network

werdsmith Silver badge

@Joe 35 :

"...You enter "Password_4".

System sees last digit is a number, replaces that number with n-1, generates hash result (for Password_3 in this example) and sees if it is a match with existing password hash. If it is, slapped wrist."

A nice solution. Though I admit, I'd probably just switch to PasswordJan, PasswordFeb, etc.

It's not a good solution though is it? It reveals that the password hashes aren't salted which is crap, and if they were then this wouldn't work.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019