This is for a college assignment. At our College they use Microsofts's Active Directory to run their network.
Every month we get asked to change our passwords and when we do so it won't accept any of the previous five passwords we have used, or similar passwords. For example if my password was 'secretpassword1', next month I couldn't use 'secretpassword2'.
However the only way that I can see this being done is if there is either a flaw in the hashing algorithm used to store the passwords; the passwords aren't hashed but encrypted; or worse they are stored in plaintext.
After a quick Google-Fu session it appears that Active Directory will store passwords in regular Windows hashes. So can anyone explain this?
Cheers
P.S. This may be our imagination; perhaps you can reuse a password that is slightly different?