Storing passwords in cleartext was considered bad, incompetent practice since the 1970s, at the very least. Probably earlier. Anyone doing it in 2012 was grossly incompetent.

Not kidding.

> Anyone doing it in 2012 was grossly incompetent.

@liw or had ulterior motives?

@liw Does anyone believe a single word these companies say any more?

Fifteen years ago not salting your hashed passwords was widely known to be grossly careless.

Zuckerberg is an elite hacker and employs thousands of other elite hackers.

We had crypto and hashes in the '70s?

Not being a troll. Actually asking. I assumed that to be the mainframe days and I’m not entirely sure how passwords were stored then. I thought that was before the shadow file. I’m not sure how passwords were stored in the passwd file before that.

@jonw We did. The Unix /etc/passwd file was world-readable, but that was (supposedly) OK because the password field was encrypted.

And the vast majority of networks were not interconnected back in the '70s, so breaches were relatively local.
Only elites such as military/intelligence and some academia would have been interconnected. They had at least a 20-year head start on the rest of the world to figure out best practice. Those studying in elite institutions like Harvard would have known about best practice.

Ah, I see. We were already using shadow files when I became aware of how credentials were stored in Linux, but I was always vaguely aware that it was a kludge because of the (still) extant password field in the passwd file.
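To make concrete what the thread means by "not salting your hashed passwords" and by a world-readable password field, here is an added example (not from any poster, and not Unix's actual crypt(3) scheme): with a bare digest, two accounts that share a password produce identical stored values, so anyone who can read the file learns that fact without cracking anything; with a per-user random salt and a slow KDF, the same two accounts look unrelated. The user names, passwords and parameters are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

# Constructed sample accounts (not real data): alice and bob share a password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "hunter2"}
ITERATIONS = 100_000  # assumed work factor for the salted scheme


def hash_unsalted(password: str) -> str:
    """The careless scheme: a bare digest, identical for every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus PBKDF2-HMAC-SHA256, stored as 'salthex$dkhex'."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt per account, stored beside the hash
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def shared_password_groups(records: Dict[str, str]) -> List[Set[str]]:
    """Group accounts whose stored value is byte-identical.

    With unsalted hashes this exposes who shares a password to anyone who can
    read the file (the world-readable /etc/passwd situation described above).
    With salted hashes the groups are empty even when passwords are shared.
    """
    by_value: Dict[str, Set[str]] = {}
    for user, value in records.items():
        by_value.setdefault(value, set()).add(user)
    return [group for group in by_value.values() if len(group) > 1]


if __name__ == "__main__":
    unsalted = {u: hash_unsalted(p) for u, p in USERS.items()}
    salted = {u: hash_salted(p) for u, p in USERS.items()}
    print("unsalted leaks:", shared_password_groups(unsalted))  # [{'alice', 'bob'}]
    print("salted leaks:  ", shared_password_groups(salted))    # []
```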
