
They're not necessarily storing passwords in the clear (though the Texas Secretary of State does[1], so it wouldn't surprise me).

For example, when updating a password on Facebook, they check to see if your new password is similar to your previous one by creating several variants of the new password, hashing them, and seeing if the hash matches any of your old password hashes.

[1] http://plaintextoffenders.com/post/68152196480/sos-state-tx-...
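
The check described in the comment above, as an added Python example that is not part of the thread and is not Facebook's code. The variant rules, the PBKDF2 parameters and all function names are assumptions chosen for illustration; the point is that only the new password's plaintext (available at change time) and the stored salted hashes are needed.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> tuple:
    """What the server keeps for each old password: (salt, digest), no plaintext."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def variants(new_password: str) -> set:
    """Hypothetical rules: guesses at what the OLD password was, derived from the new one."""
    out = {new_password, new_password.swapcase()}
    if new_password:
        out.add(new_password[0].swapcase() + new_password[1:])  # first-letter case flip
        out.add(new_password[:-1])                              # one character appended
    m = re.fullmatch(r"(.*?)(\d+)", new_password)
    if m:  # trailing counter: try the stem alone and the neighbouring numbers
        stem, num = m.groups()
        out.add(stem)
        for delta in (-1, 1):
            n = int(num) + delta
            if n >= 0:
                out.add(stem + str(n).zfill(len(num)))
    out.discard("")
    return out


def too_similar(new_password: str, old_records) -> bool:
    """Hash every variant under each old record's own salt and compare digests."""
    for salt, digest in old_records:
        for candidate in variants(new_password):
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                return True
    return False


if __name__ == "__main__":
    history = [make_record("Summer2013")]  # constructed sample password
    print(too_similar("Summer2014", history), too_similar("correct horse battery", history))
```

Each variant costs one full password-hash computation per stored record, so the variant set has to stay small.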



Do you have a source on the Facebook statement? I would be interested in hearing how they create the variants.


Ostensibly this is from a FB engineer; in retrospect I realize I don't know how to verify that: http://security.stackexchange.com/questions/53481/does-faceb...



