From: Colin Streicher
Date: January 19 2010 12:52am
Subject: Re: Record old passwords ?
List-Archive: http://lists.mysql.com/mysql/220290
Message-Id: <201001181952.11899.colin@obviouslymalicious.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit

On January 18, 2010 01:34:15 pm Tompkins Neil wrote:
> Hi
> 
> I'm in the process of designing a login system to a secure web page using
> MySQL.  One of the features is we need to record and ensure that the user
> password is different from any of the last four passwords he/she has used.
>  I was thinking of create four fields called Password1, Password2,
>  Password3 and Password4 to record the old passwords.
> 
> Is this a preferred method - or does anyone else have any recommendations ?
> 
> Thanks,
> Neil
> 
I'm not an awesome database designer, most of what I do is code related stuff, 
I think what I would do for this is 1. hash the password( sha256/512 whatever) 
and then 2. store the hash in a string with delimiters. In that way, you solve 
2 problems. 
You can store as many as you want to because you can just check hashes to make 
sure it isn't the same, and second, you aren't storing passwords in plain-
text, which is a personal pet peeve. 
 
-- 
In the stairway of life, you'd best take the elevator.