Password Security: A Case History

November 1979 | Robert Morris and Ken Thompson
This paper by Robert Morris and Ken Thompson from Bell Laboratories details the evolution of password security in the UNIX time-sharing system. The design of the password system was driven by the need to balance security and ease of use, addressing the challenges posed by various attacks over the years. Initially, the system used a simple password file containing encrypted passwords, which was vulnerable to unauthorized access and key searches. To improve security, they introduced slower encryption using the DES algorithm, encouraged users to use more complex passwords, and implemented "salted" passwords to make dictionary attacks less effective. They also addressed the threat of DES chips by modifying the DES algorithm to prevent their use. The paper emphasizes the importance of maintaining records of login attempts and acknowledges the hostile environment in which time-sharing systems operate. The authors' approach, which involved openly discussing and inviting attacks, has proven successful in enhancing system security.
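The effect of salting and slow hashing described above can be measured directly. The following is an added illustration, not code from the paper or from this page: `slow_hash` is an iterated SHA-256 stand-in for the modified DES routine, and the function names, round count, 2-byte salt and sample passwords are all constructed assumptions.

```python
import hashlib
import hmac
import os

ROUNDS = 2000  # constructed cost factor standing in for "slower encryption"

def slow_hash(password: str, salt: bytes = b"") -> bytes:
    """Iterated SHA-256: a stand-in for the paper's DES-based routine."""
    digest = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest

def make_entry(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Password-file entry as (salt, digest); an empty salt means unsalted."""
    return salt, slow_hash(password, salt)

def verify(password: str, entry: tuple[bytes, bytes]) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, digest = entry
    return hmac.compare_digest(slow_hash(password, salt), digest)

def matched_by_one_table(entries, wordlist) -> int:
    """Entries exposed by a single table hashed once, without any salt."""
    table = {slow_hash(word) for word in wordlist}
    return sum(1 for _, digest in entries if digest in table)

def per_salt_work(entries, wordlist) -> int:
    """Hash computations needed when each distinct salt needs its own pass."""
    return len({salt for salt, _ in entries}) * len(wordlist)

if __name__ == "__main__":
    passwords = ["wombat", "wombat", "x9!Lr"]   # constructed sample accounts
    wordlist = ["wombat", "password", "unix"]   # constructed dictionary
    unsalted = [make_entry(p) for p in passwords]
    salted = [make_entry(p, os.urandom(2)) for p in passwords]
    print("unsalted: same password, same digest:", unsalted[0] == unsalted[1])
    print("unsalted entries matched by one table:",
          matched_by_one_table(unsalted, wordlist))
    print("salted entries matched by one table:",
          matched_by_one_table(salted, wordlist))
    print("hashes needed, unsalted vs salted:",
          per_salt_work(unsalted, wordlist), per_salt_work(salted, wordlist))
    print("login still works:", verify("wombat", salted[0]))
```

With salts in place, the work to test a dictionary grows with the number of distinct salts in the file, and two accounts sharing a password no longer share a stored digest.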