[Cryptography] Possible reason why password usage rules are such a mess

Jerry Leichter leichter at lrw.com
Thu Mar 5 05:11:40 EST 2020


> In 1979, Ken Thompson and Bob Morris published "Password Security: A
> Case History" in the CACM.  On the third page is a table showing how
> long it takes to do an exhaustive search of passwords for various
> lengths and character sets....
When Unix first became publicly available, there was a population of Unix dweebs who would bow down to the immortal words and code of Thompson and Morris and Ritchie - typically with no understanding of what those guys actually *did* and how much care and work went into it; or the particular environment in which they worked.  I read a series of messages on a Unix Usenet newsgroup which argued against the notion of a private encrypted password file - after all, the gods of Unix had PROVEN that THE WAY was to make that stuff public.

I responded that if you read the article, you could see that they had to go through multiple iterations, all but the last of which were successfully attacked; and that in fact it was really an argument that this is a cool idea but the advance of technology renders any such mechanism vulnerable, and fairly quickly.

Many people jumped on me for not understanding The True Way of Unix - until Ken Thompson, in a Marshall-McLuhan-steps-out-from-behind-the-movie-poster moment, replied with a brief message:  "Leichter is right".  :-)

                                                        -- Jerry


