Clear text passwords in UnixWhy the inode value of shadow file changes?password store storing some passwords in plain textNIS and /etc/passwdUnix vs OS360 (History)What is the default SHA512 salt used in passwd and for the hash stored in the shadow file?When was command line parsing first introduced to shell?Blank root password disabled in modern distros?Why is +::0:0::: not supposed to be found in /etc/passwd?
What are the consequences of high orphan block rate?
Why does C++ have 'Undefined Behaviour' and other languages like C# or Java don't?
What exactly did this mechanic sabotage on the American Airlines 737, and how dangerous was it?
Which place in our solar system is the most fit for terraforming?
Proper way to shut down consumer
Is there a way to hide HTML source code yet keeping it effective?
Tesla coil and Tesla tower
Why solving a differentiated integral equation might eventually lead to erroneous solutions of the original problem?
Does "as soon as" imply simultaneity?
Under what circumstances would RAM locations 0 and 1 be written and/or read on the C64?
Reorder a matrix, twice
Why did UK NHS pay for homeopathic treatments?
How to say "cheat sheet" in French
Suffocation while cooking under an umbrella?
Quick Yajilin Puzzles: Scatter and Gather
Lost Update Understanding
Safe to use 220V electric clothes dryer when building has been bridged down to 110V?
What is the meaning of word 'crack' in chapter 33 of A Game of Thrones?
Is it impolite to ask for an in-flight catalogue with no intention of buying?
OSM Thunderforest API keys in QGIS3
Does wetting a beer glass change the foam characteristics?
Late 1970's and 6502 chip facilities for operating systems
Does the Prepare Food ability from Cook's Utensils stack?
Why does this image of Jupiter look so strange?
Clear text passwords in Unix
Why the inode value of shadow file changes?password store storing some passwords in plain textNIS and /etc/passwdUnix vs OS360 (History)What is the default SHA512 salt used in passwd and for the hash stored in the shadow file?When was command line parsing first introduced to shell?Blank root password disabled in modern distros?Why is +::0:0::: not supposed to be found in /etc/passwd?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
add a comment
|
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
add a comment
|
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
password history passwd shadow
password history passwd shadow
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
edited 7 hours ago
Glorfindel
4091 gold badge6 silver badges11 bronze badges
4091 gold badge6 silver badges11 bronze badges
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
asked 8 hours ago
ZDOSAZDOSA
141 bronze badge
141 bronze badge
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
migrated from security.stackexchange.com 8 hours ago
This question came from our site for information security professionals.
add a comment
|
add a comment
|
3 Answers
3
active
oldest
votes
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
add a comment
|
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f542989%2fclear-text-passwords-in-unix%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
For the early history of Unix password storage, read Robert Morris and Ken Thompson's Password Security: A Case History. They explain why and how early Unix systems acquired most the features that are still seen today as the important features of password storage (but done better).
- The first Unix systems stored passwords in plaintext. Unix Third Edition introduced the
cryptfunction which hashes the password. It's described as “encryption” rather than “hashing” because modern cryptographic terminology wasn't established yet and it used an encryption algorithm, albeit in an unconventional way. Rather than encrypt the password with a key, which would be trivial to undo when you have the key (which would have to be stored on the system), they use the password as the key. - When Unix switched from an earlier cipher to the then-modern DES, it was also made slower by iterating DES multiple times. I don't know exactly when that happened: V6? V7?
- Merely hashing the password is vulnerable to multi-target attacks: hash all the most common passwords once and for all, and look in the password table for a match. Including a salt in the hashing mechanism, where each account has a unique salt, defeats this precomputation. Unix acquired a salt in Seventh Edition in 1979.
- Unix also acquired password complexity rules such as a minimum length in the 1970s.
Originally the password hash was in the publicly-readable file /etc/passwd. Putting the hash in a separate file /etc/shadow that only the system (and the system administrator) was one of the many innovations to come from Sun, dating from around SunOS 4 in the mid-1980s. It spread out gradually to other Unix variants (partly via the third party shadow suite whose descendent is still used on Linux today) and wasn't available everywhere until the mid-1990s or so.
Over the years, there have been improvements to the hashing algorithm. The biggest jump was Poul-Henning Kamp's MD5-based algorithm in 1994, which replaced the DES-based algorithm by one with a better design. It removed the limitation to 8 password characters and 2 salt characters and had increased slowness. See IEEE's Developing with open source software, Jan–Feb. 2004, p. 7–8. The SHA-2-based algorithms that are the de facto standard today are based on the same principle, but with slightly better internal design and, most importantly, a configurable slowness factor.
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
answered 6 hours ago
GillesGilles
576k140 gold badges1188 silver badges1700 bronze badges
576k140 gold badges1188 silver badges1700 bronze badges
add a comment
|
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
add a comment
|
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
I am not a big fan of copy-paste so have a look at the history section in the wikipedia's passwd page ;)
EDIT: As it seems it's not a good practice to just share a link with the exact information that you want. So apart from the link let me also quote the wikipedia's relevant section here:
Password shadowing first appeared in Unix systems with the development
of SunOS in the mid-1980s,[10] System V Release 3.2 in 1988 and BSD4.3
Reno in 1990. But, vendors who had performed ports from earlier UNIX
releases did not always include the new password shadowing features in
their releases, leaving users of those systems exposed to password
file attacks.
System administrators may also arrange for the storage of passwords in
distributed databases such as NIS and LDAP, rather than in files on
each connected system. In the case of NIS, the shadow password
mechanism is often still used on the NIS servers; in other distributed
mechanisms the problem of access to the various user authentication
components is handled by the security mechanisms of the underlying
data repository.
In 1987 the author of the original Shadow Password Suite, Julie Haugh,
experienced a computer break-in and wrote the initial release of the
Shadow Suite containing the login, passwd and su commands. The
original release, written for the SCO Xenix operating system, quickly
got ported to other platforms. The Shadow Suite was ported to Linux in
1992 one year after the original announcement of the Linux project,
and was included in many early distributions, and continues to be
included in many current Linux distributions.
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
edited 6 hours ago
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
answered 7 hours ago
VGe0rgeVGe0rge
1546 bronze badges
1546 bronze badges
add a comment
|
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
add a comment
|
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
I don't yet have a primary source, but according to this TrustedSec post (emphasis mine):
Early systems stored passwords in plaintext but eventually this was
replaced by more secure forms of password storage. Robert Morris
developed crypt based on the m-209 cipher machine and it appeared in
Version 3 Unix, though Crypt was not used to store passwords until 6th
Edition Unix (1974).
According to multiple sources, Version 3 UNIX was released in February, 1973.
From the original paper by Thompson and Morris, we can confirm that plaintext storage was originally used:
The UNIX system was first implemented with a password file that
contained the actual passwords of all the users, and for that reason
the password file had to be heavily protected against being either
read or written.
/etc/shadow appeared in multiple branches of UNIX as noted in other answers.
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
edited 6 hours ago
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
answered 6 hours ago
Royce WilliamsRoyce Williams
7356 silver badges18 bronze badges
7356 silver badges18 bronze badges
add a comment
|
add a comment
|
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f542989%2fclear-text-passwords-in-unix%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
