Clear text passwords in UnixWhy the inode value of shadow file changes?password store storing some passwords in plain textNIS and /etc/passwdUnix vs OS360 (History)What is the default SHA512 salt used in passwd and for the hash stored in the shadow file?When was command line parsing first introduced to shell?Blank root password disabled in modern distros?Why is +::0:0::: not supposed to be found in /etc/passwd?
1, 2, 4, 8, 16, ... 33?
Is differentiation as a map discontinuous?
Reorder a matrix, twice
Does "as soon as" imply simultaneity?
Hilbert's hotel: why can't I repeat it infinitely many times?
Tesla coil and Tesla tower
Why weren't the Death Star plans transmitted electronically?
Is the use of language other than English 'Reasonable Suspicion' for detention?
How to create fractional SI units (SI...sqrts)?
relating two diagrams in tikzcd
Hangman Game (YAHG)
Proper way to shut down consumer
Late 1970's and 6502 chip facilities for operating systems
What should I consider when deciding whether to delay an exam?
Do we know the situation in Britain before Sealion (summer 1940)?
practicality of 30 year fix mortgage at 55 years of age
What is the meaning of word 'crack' in chapter 33 of A Game of Thrones?
Why is a road bike faster than a city bike with the same effort? & how much faster it can be?
Research promotions in the middle of post-doc contract
Is it allowed to buy a Probe Bahncard 50 repeatedly?
Is there any relation/leak between two sections of LM358 op-amp?
Lost Update Understanding
Golf (6-card) Golf!
How to say "cheat sheet" in French
Clear text passwords in Unix
Why the inode value of shadow file changes?password store storing some passwords in plain textNIS and /etc/passwdUnix vs OS360 (History)What is the default SHA512 salt used in passwd and for the hash stored in the shadow file?When was command line parsing first introduced to shell?Blank root password disabled in modern distros?Why is +::0:0::: not supposed to be found in /etc/passwd?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
add a comment
|
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
add a comment
|
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
password history passwd shadow
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
edited 8 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
141 bronze badge
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
add a comment
|
add a comment
|
3 Answers
3
active
oldest
votes
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
add a comment
|
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f542989%2fclear-text-passwords-in-unix%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
edited 6 hours ago
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
answered 8 hours ago
VGe0rgeVGe0rge
1546 bronze badges
1546 bronze badges
add a comment
|
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
edited 6 hours ago
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
7356 silver badges18 bronze badges
add a comment
|
add a comment
|
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f542989%2fclear-text-passwords-in-unix%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
