Storing passwords in cleartext was considered bad, incompetent practice since the 1970s, at the very least. Probably earlier. Anyone doing it in 2012 was grossly incompetent.

Not kidding.

> Anyone doing it in 2012 was grossly incompetent.

@liw or had ulterior motives?

@liw

We had crypto and hashes in the 70’s?

Not being a troll. Actually asking. I assumed that to be the mainframe days and I’m not entirely sure how passwords were stored then. I thought that was before the shadow file. I’m not sure how passwords were stored in the passwd file before that.

@jonw We did. The Unix /etc/passwd file was world-readable, but that was (supposedly) OK because the password field was encrypted.

@jonw
And the vast majority of networks were not inter-connected back in the 70's so breaches were relatively local.
Only elites such as Military/Intelligence and some Academia would have been inter-connected. They had at least a 20 year head-start on the rest of the world to figure out best practice. Those studying in elite institutions like Harvard would have known about best practice.

@liw

Ah, I see. We were already using shadow files when I became aware of how credentials were stored in Linux, but I was always vaguely aware that it was a kludge because of the (still) extant password field in the passwd file.
Sign in to participate in the conversation
Social Nasqueron

Nasqueron is a budding community of creative people, writers, developers and thinkers. We focus on free culture, ethics and to be a positive change. We share values like respect, justice and equity.