
> libcrack can enforce similarity and rotation checks too [1].

How can it do that without the server storing plain text passwords?




Unless you're root, you enter your current password first for verification already?


Ah, ok, that makes a lot more sense. I was worried that the password history was stored somewhere.

> Unless you're root

I'm not sure I get this part, why does being root change things?


Normally PAM doesn’t ask for your current password during password changes if you’re root.

Also, root can change any user’s password without entering the current one.
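The mechanism this thread describes, as an added example (not code from any commenter, from libcrack, or from PAM): the old and new passwords are both in memory as plaintext only during the change, so they can be compared there while only a salted hash is stored. The function names, the PBKDF2 parameters, and the specific similarity rules are assumptions chosen for illustration.

```python
import hashlib, hmac, os

def hash_pw(password, salt=None):
    """Return (salt, digest). Only this record is stored, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify(password, stored):
    salt, digest = stored
    return hmac.compare_digest(hash_pw(password, salt)[1], digest)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def too_similar(old, new, min_distance=4):
    """Illustrative rules: case-only change, reversal, rotation, few edits."""
    o, n = old.lower(), new.lower()
    if n == o or n == o[::-1]:
        return True
    if len(o) == len(n) and n in o + o:  # new is a rotation of old
        return True
    return edit_distance(o, n) < min_distance

def change_password(stored, new, old=None, is_root=False):
    """Return the new stored record, or raise ValueError on rejection."""
    if not is_root:
        # The typed current password is checked against the stored hash,
        # then compared with the new one while both are still in memory.
        if old is None or not verify(old, stored):
            raise ValueError("current password incorrect")
        if too_similar(old, new):
            raise ValueError("new password too similar to current one")
    # Root path: no old plaintext was supplied, so no comparison is possible.
    return hash_pw(new)
```

On the root path the similarity check is skipped because there is nothing to compare against, which is the difference the last two comments point at.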



