Clear text passwords in UnixWhy the inode value of shadow file changes?password store storing some passwords in plain textNIS and /etc/passwdUnix vs OS360 (History)What is the default SHA512 salt used in passwd and for the hash stored in the shadow file?When was command line parsing first introduced to shell?Blank root password disabled in modern distros?Why is +::0:0::: not supposed to be found in /etc/passwd?

1, 2, 4, 8, 16, ... 33?

Is differentiation as a map discontinuous?

Reorder a matrix, twice

Does "as soon as" imply simultaneity?

Hilbert's hotel: why can't I repeat it infinitely many times?

Tesla coil and Tesla tower

Why weren't the Death Star plans transmitted electronically?

Is the use of language other than English 'Reasonable Suspicion' for detention?

How to create fractional SI units (SI...sqrts)?

relating two diagrams in tikzcd

Hangman Game (YAHG)

Proper way to shut down consumer

Late 1970's and 6502 chip facilities for operating systems

What should I consider when deciding whether to delay an exam?

Do we know the situation in Britain before Sealion (summer 1940)?

practicality of 30 year fix mortgage at 55 years of age

What is the meaning of word 'crack' in chapter 33 of A Game of Thrones?

Why is a road bike faster than a city bike with the same effort? & how much faster it can be?

Research promotions in the middle of post-doc contract

Is it allowed to buy a Probe Bahncard 50 repeatedly?

Is there any relation/leak between two sections of LM358 op-amp?

Lost Update Understanding

Golf (6-card) Golf!

How to say "cheat sheet" in French



Clear text passwords in Unix


Why the inode value of shadow file changes?password store storing some passwords in plain textNIS and /etc/passwdUnix vs OS360 (History)What is the default SHA512 salt used in passwd and for the hash stored in the shadow file?When was command line parsing first introduced to shell?Blank root password disabled in modern distros?Why is +::0:0::: not supposed to be found in /etc/passwd?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?










share|improve this question
















migrated from security.stackexchange.com 8 hours ago


This question came from our site for information security professionals.

























    2















    When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?










    share|improve this question
















    migrated from security.stackexchange.com 8 hours ago


    This question came from our site for information security professionals.





















      2












      2








      2


      1






      When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?










      share|improve this question
















      When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?







      password history passwd shadow






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 8 hours ago









      Glorfindel

      4091 gold badge6 silver badges11 bronze badges




      4091 gold badge6 silver badges11 bronze badges










      asked 8 hours ago









      ZDOSAZDOSA

      141 bronze badge




      141 bronze badge





      migrated from security.stackexchange.com 8 hours ago


      This question came from our site for information security professionals.











      migrated from security.stackexchange.com 8 hours ago


      This question came from our site for information security professionals.









      migrated from security.stackexchange.com 8 hours ago


      This question came from our site for information security professionals.






















          3 Answers
          3






          active

          oldest

          votes


















          5
















          For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).



          • The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the crypt function which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key.

          • When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?

          • Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.

          • Unix also acquired password complexity rules such as a minimum length in the 1970s.

          Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.



          Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.






          share|improve this answer
































            0
















            I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)



            EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:




            Password shadowing first appeared in Unix systems with the development
            of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
            Reno in 1990. But, vendors who had performed ports from earlier UNIX
            releases did not always include the new password shadowing features in
            their releases, leaving users of those systems exposed to password
            file attacks.



            System administrators may also arrange for the storage of passwords in
            distributed databases such as NIS and LDAP, rather than in files on
            each connected system. In the case of NIS, the shadow password
            mechanism is often still used on the NIS servers; in other distributed
            mechanisms the problem of access to the various user authentication
            components is handled by the security mechanisms of the underlying
            data repository.



            In 1987 the author of the original Shadow Password Suite, Julie Haugh,
            experienced a computer break-in and wrote the initial release of the
            Shadow Suite containing the login, passwd and su commands. The
            original release, written for the SCO Xenix operating system, quickly
            got ported to other platforms. The Shadow Suite was ported to Linux in
            1992 one year after the original announcement of the Linux project,
            and was included in many early distributions, and continues to be
            included in many current Linux distributions.







            share|improve this answer


































              0
















              I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):




              Early systems stored passwords in plaintext but eventually this was
              replaced by more secure forms of password storage. Robert Morris
              developed crypt based on the m-209 cipher machine and it appeared in
              Version 3 Unix
              , though Crypt was not used to store passwords until 6th
              Edition Unix (1974).




              According to multiple sources, Version 3 UNIX was released in February, 1973.



              From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:




              The UNIX system was first implemented with a password file that
              contained the actual passwords of all the users, and for that reason
              the password file had to be heavily protected against being either
              read or written.




              /etc/shadow appeared in multiple branches of UNIX as noted in other answers.






              share|improve this answer





























                Your Answer








                StackExchange.ready(function()
                var channelOptions =
                tags: "".split(" "),
                id: "106"
                ;
                initTagRenderer("".split(" "), "".split(" "), channelOptions);

                StackExchange.using("externalEditor", function()
                // Have to fire editor after snippets, if snippets enabled
                if (StackExchange.settings.snippets.snippetsEnabled)
                StackExchange.using("snippets", function()
                createEditor();
                );

                else
                createEditor();

                );

                function createEditor()
                StackExchange.prepareEditor(
                heartbeatType: 'answer',
                autoActivateHeartbeat: false,
                convertImagesToLinks: false,
                noModals: true,
                showLowRepImageUploadWarning: true,
                reputationToPostImages: null,
                bindNavPrevention: true,
                postfix: "",
                imageUploader:
                brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                allowUrls: true
                ,
                onDemand: true,
                discardSelector: ".discard-answer"
                ,immediatelyShowMarkdownHelp:true
                );



                );














                draft saved

                draft discarded
















                StackExchange.ready(
                function ()
                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f542989%2fclear-text-passwords-in-unix%23new-answer', 'question_page');

                );

                Post as a guest















                Required, but never shown

























                3 Answers
                3






                active

                oldest

                votes








                3 Answers
                3






                active

                oldest

                votes









                active

                oldest

                votes






                active

                oldest

                votes









                5
















                For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).



                • The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the crypt function which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key.

                • When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?

                • Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.

                • Unix also acquired password complexity rules such as a minimum length in the 1970s.

                Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.



                Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.






                share|improve this answer





























                  5
















                  For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).



                  • The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the crypt function which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key.

                  • When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?

                  • Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.

                  • Unix also acquired password complexity rules such as a minimum length in the 1970s.

                  Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.



                  Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.






                  share|improve this answer



























                    5














                    5










                    5









                    For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).



                    • The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the crypt function which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key.

                    • When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?

                    • Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.

                    • Unix also acquired password complexity rules such as a minimum length in the 1970s.

                    Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.



                    Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.






                    share|improve this answer













                    For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).



                    • The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the crypt function which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key.

                    • When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?

                    • Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.

                    • Unix also acquired password complexity rules such as a minimum length in the 1970s.

                    Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.



                    Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered 6 hours ago









                    GillesGilles

                    576k140 gold badges1188 silver badges1700 bronze badges




                    576k140 gold badges1188 silver badges1700 bronze badges


























                        0
















                        I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)



                        EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:




                        Password shadowing first appeared in Unix systems with the development
                        of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
                        Reno in 1990. But, vendors who had performed ports from earlier UNIX
                        releases did not always include the new password shadowing features in
                        their releases, leaving users of those systems exposed to password
                        file attacks.



                        System administrators may also arrange for the storage of passwords in
                        distributed databases such as NIS and LDAP, rather than in files on
                        each connected system. In the case of NIS, the shadow password
                        mechanism is often still used on the NIS servers; in other distributed
                        mechanisms the problem of access to the various user authentication
                        components is handled by the security mechanisms of the underlying
                        data repository.



                        In 1987 the author of the original Shadow Password Suite, Julie Haugh,
                        experienced a computer break-in and wrote the initial release of the
                        Shadow Suite containing the login, passwd and su commands. The
                        original release, written for the SCO Xenix operating system, quickly
                        got ported to other platforms. The Shadow Suite was ported to Linux in
                        1992 one year after the original announcement of the Linux project,
                        and was included in many early distributions, and continues to be
                        included in many current Linux distributions.







                        share|improve this answer































                          0
















                          I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)



                          EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:




                          Password shadowing first appeared in Unix systems with the development
                          of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
                          Reno in 1990. But, vendors who had performed ports from earlier UNIX
                          releases did not always include the new password shadowing features in
                          their releases, leaving users of those systems exposed to password
                          file attacks.



                          System administrators may also arrange for the storage of passwords in
                          distributed databases such as NIS and LDAP, rather than in files on
                          each connected system. In the case of NIS, the shadow password
                          mechanism is often still used on the NIS servers; in other distributed
                          mechanisms the problem of access to the various user authentication
                          components is handled by the security mechanisms of the underlying
                          data repository.



                          In 1987 the author of the original Shadow Password Suite, Julie Haugh,
                          experienced a computer break-in and wrote the initial release of the
                          Shadow Suite containing the login, passwd and su commands. The
                          original release, written for the SCO Xenix operating system, quickly
                          got ported to other platforms. The Shadow Suite was ported to Linux in
                          1992 one year after the original announcement of the Linux project,
                          and was included in many early distributions, and continues to be
                          included in many current Linux distributions.







                          share|improve this answer





























                            0














                            0










                            0









                            I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)



                            EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:




                            Password shadowing first appeared in Unix systems with the development
                            of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
                            Reno in 1990. But, vendors who had performed ports from earlier UNIX
                            releases did not always include the new password shadowing features in
                            their releases, leaving users of those systems exposed to password
                            file attacks.



                            System administrators may also arrange for the storage of passwords in
                            distributed databases such as NIS and LDAP, rather than in files on
                            each connected system. In the case of NIS, the shadow password
                            mechanism is often still used on the NIS servers; in other distributed
                            mechanisms the problem of access to the various user authentication
                            components is handled by the security mechanisms of the underlying
                            data repository.



                            In 1987 the author of the original Shadow Password Suite, Julie Haugh,
                            experienced a computer break-in and wrote the initial release of the
                            Shadow Suite containing the login, passwd and su commands. The
                            original release, written for the SCO Xenix operating system, quickly
                            got ported to other platforms. The Shadow Suite was ported to Linux in
                            1992 one year after the original announcement of the Linux project,
                            and was included in many early distributions, and continues to be
                            included in many current Linux distributions.







                            share|improve this answer















                            I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)



                            EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:




                            Password shadowing first appeared in Unix systems with the development
                            of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
                            Reno in 1990. But, vendors who had performed ports from earlier UNIX
                            releases did not always include the new password shadowing features in
                            their releases, leaving users of those systems exposed to password
                            file attacks.



                            System administrators may also arrange for the storage of passwords in
                            distributed databases such as NIS and LDAP, rather than in files on
                            each connected system. In the case of NIS, the shadow password
                            mechanism is often still used on the NIS servers; in other distributed
                            mechanisms the problem of access to the various user authentication
                            components is handled by the security mechanisms of the underlying
                            data repository.



                            In 1987 the author of the original Shadow Password Suite, Julie Haugh,
                            experienced a computer break-in and wrote the initial release of the
                            Shadow Suite containing the login, passwd and su commands. The
                            original release, written for the SCO Xenix operating system, quickly
                            got ported to other platforms. The Shadow Suite was ported to Linux in
                            1992 one year after the original announcement of the Linux project,
                            and was included in many early distributions, and continues to be
                            included in many current Linux distributions.








                            share|improve this answer














                            share|improve this answer



                            share|improve this answer








                            edited 6 hours ago

























                            answered 8 hours ago









                            VGe0rgeVGe0rge

                            1546 bronze badges




                            1546 bronze badges
























                                0
















                                I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):




                                Early systems stored passwords in plaintext but eventually this was
                                replaced by more secure forms of password storage. Robert Morris
                                developed crypt based on the m-209 cipher machine and it appeared in
                                Version 3 Unix
                                , though Crypt was not used to store passwords until 6th
                                Edition Unix (1974).




                                According to multiple sources, Version 3 UNIX was released in February, 1973.



                                From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:




                                The UNIX system was first implemented with a password file that
                                contained the actual passwords of all the users, and for that reason
                                the password file had to be heavily protected against being either
                                read or written.




                                /etc/shadow appeared in multiple branches of UNIX as noted in other answers.






                                share|improve this answer































                                  0
















                                  I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):




                                  Early systems stored passwords in plaintext but eventually this was
                                  replaced by more secure forms of password storage. Robert Morris
                                  developed crypt based on the m-209 cipher machine and it appeared in
                                  Version 3 Unix
                                  , though Crypt was not used to store passwords until 6th
                                  Edition Unix (1974).




                                  According to multiple sources, Version 3 UNIX was released in February, 1973.



                                  From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:




                                  The UNIX system was first implemented with a password file that
                                  contained the actual passwords of all the users, and for that reason
                                  the password file had to be heavily protected against being either
                                  read or written.




                                  /etc/shadow appeared in multiple branches of UNIX as noted in other answers.






                                  share|improve this answer





























                                    0














                                    0










                                    0









                                    I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):




                                    Early systems stored passwords in plaintext but eventually this was
                                    replaced by more secure forms of password storage. Robert Morris
                                    developed crypt based on the m-209 cipher machine and it appeared in
                                    Version 3 Unix
                                    , though Crypt was not used to store passwords until 6th
                                    Edition Unix (1974).




                                    According to multiple sources, Version 3 UNIX was released in February, 1973.



                                    From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:




                                    The UNIX system was first implemented with a password file that
                                    contained the actual passwords of all the users, and for that reason
                                    the password file had to be heavily protected against being either
                                    read or written.




                                    /etc/shadow appeared in multiple branches of UNIX as noted in other answers.






                                    share|improve this answer















                                    I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):




                                    Early systems stored passwords in plaintext but eventually this was
                                    replaced by more secure forms of password storage. Robert Morris
                                    developed crypt based on the m-209 cipher machine and it appeared in
                                    Version 3 Unix
                                    , though Crypt was not used to store passwords until 6th
                                    Edition Unix (1974).




                                    According to multiple sources, Version 3 UNIX was released in February, 1973.



                                    From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:




                                    The UNIX system was first implemented with a password file that
                                    contained the actual passwords of all the users, and for that reason
                                    the password file had to be heavily protected against being either
                                    read or written.




                                    /etc/shadow appeared in multiple branches of UNIX as noted in other answers.







                                    share|improve this answer














                                    share|improve this answer



                                    share|improve this answer








                                    edited 6 hours ago

























                                    answered 6 hours ago









                                    Royce WilliamsRoyce Williams

                                    7356 silver badges18 bronze badges




                                    7356 silver badges18 bronze badges































                                        draft saved

                                        draft discarded















































                                        Thanks for contributing an answer to Unix & Linux Stack Exchange!


                                        • Please be sure to answer the question. Provide details and share your research!

                                        But avoid


                                        • Asking for help, clarification, or responding to other answers.

                                        • Making statements based on opinion; back them up with references or personal experience.

                                        To learn more, see our tips on writing great answers.




                                        draft saved


                                        draft discarded














                                        StackExchange.ready(
                                        function ()
                                        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f542989%2fclear-text-passwords-in-unix%23new-answer', 'question_page');

                                        );

                                        Post as a guest















                                        Required, but never shown





















































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown

































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown







                                        Popular posts from this blog

                                        Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

                                        Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

                                        199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單