When you have to reset or change your hotmail/outlook password you can not use a previous password or a variation of it. I can understand not using the exact same password and checking it against a previously stored hash, but how can they know a various of my pass without storing it in clear text? Example if I user QWERTASDFG as my pass they will not allow QWERTASDFG!@#$% as my reset pass? The hash for these 2 passes would be completely different so how do they pull this off.
This is not rocket science. They probably store it encrypted, and decrypt in RAM when they need to validate things like that. It's not the first company to have this restriction. I know some companies that prevent parts of day names in the password, for example.
"I know some companies that prevent parts of day names in the password, for example."
That is a little different. Its one thing to check against a list of restricted words common to everyone and a list of previous passwords used by a single user.
They could hash substrings or variations of the new password and check against the original hash. Further, I guess they could be storing hashes of several modified passwords, but that seems unlikely.
