The 1979 paper "Password security: a case history" by Robert Morris and Ken Thompson is really, really good. It documents the evolution of the UNIX password security implementation, from "store all password in cleartext in the same file" to something that uses a slow algorithm and salting to defend against attacks such as the whole password database leaking, brute force guessing, dictionary attackes, and rainbow attackes.

Pre-publication PDF:

Highly recommended for anyone who has even a passing need to understand password security.

This applies to anyone who ever thinks storing passwords in cleartext is a good idea.

Sad thought: all of this was well known in 1979. People are building websites in 2020 that don't take any of the basic precautions to keep passwords safe.

@liw The age of some tech notions can be quite surprising.

Fitts's Law dates to the 1950s.

As does the saying "complexity is the enemy", full quote being "Complexity is the enemy of reliability". From The Economist.

We're slow learners.

Sign in to participate in the conversation

Lars and friends