[Cryptography] The proper way to hash password files
Dave Horsfall
dave at horsfall.org
Mon May 26 05:28:31 EDT 2014
On Mon, 26 May 2014, Dave Horsfall wrote:
> On Thu, 22 May 2014, Phillip Hallam-Baker wrote:
>
> > It occurs to me that most of the time, machines do password files wrong.
> > Rather than using a salted hash, a better approach would be to use a MAC
> > with a randomly chosen key that is never disclosed.
>
> Giggle. In the really early days of Unix, passwords were stored in the
> clear, in a world-unreadable file, but using a temporary file for
> intermediate processing. Then, one day, it picked the same file as did a
> text editor, and the emperor suddenly had no clothes... Major oops.
Oops - it was CTSS at MIT.
-- Dave
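
The keyed-MAC idea quoted at the top of this message, sketched as an added example (not code from the thread or its participants): the password file holds only a salt and an HMAC tag, while the key is kept somewhere else. The PBKDF2 stretch before the MAC, the record layout and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumption: in a real deployment the MAC key lives outside the password
# file (HSM, KMS, or a root-only key file). Generated here for the demo.
MAC_KEY = secrets.token_bytes(32)

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def _tag(password: str, salt: bytes, key: bytes) -> bytes:
    # Salted, slow stretch first (an addition to the quoted proposal), so
    # a later key leak still leaves each guess expensive.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    # The keyed MAC: without `key`, the stored tag cannot be recomputed,
    # so a copy of the file alone does not allow guesses to be confirmed.
    return hmac.new(key, salt + stretched, hashlib.sha256).digest()


def make_record(password: str, key: bytes) -> dict:
    """Build the entry that would be written to the password file."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "tag": _tag(password, salt, key).hex()}


def verify(password: str, record: dict, key: bytes) -> bool:
    """Recompute the tag with the secret key and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["tag"])
    return hmac.compare_digest(_tag(password, salt, key), expected)


if __name__ == "__main__":
    rec = make_record("correct horse", MAC_KEY)  # constructed sample input
    print("stored record:", rec)
    print("right password, right key:", verify("correct horse", rec, MAC_KEY))
    print("wrong password, right key:", verify("battery staple", rec, MAC_KEY))
    # Someone holding only the file has no key; any key they try fails.
    print("right password, other key:",
          verify("correct horse", rec, secrets.token_bytes(32)))
```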