Security Basics mailing list archives

Password Management


From: Badhrinath S <sbadhrinath () gmail com>
Date: Fri, 18 Nov 2005 11:31:22 +0530

Hi all,

An application has been using PAM of Unix till now for password authentication.
This is a client-server model where the server uses a database for its operations.
Now it has to manage the passwords by itself with the following constraints.

--> Check if password is not the same as previous 5 passwords set
--> Check if the password differs from old password by at least 3 characters.

So, can you please give me suggestions to manage this effectively?
--> Do I encrypt and save the previous 5 and the current passwords in
database or how can the passwords be stored better?
--> Can symmetric keys be used or will asymmetric key usage be better?
--> How to decide upon the key values?

Guess, hashing will not be useful since we need to check for at least 3
character change in passwords. Please comment.

--
Thanks
Badhri

