Password security: a case history

R. Morris and K. Thompson, Commun. ACM

This paper describes the history of the design of the password security scheme on a remotely accessed time-sharing system. The present design was the result of countering observed attempts to penetrate the system. The result is a compromise between extreme security and ease of use. 

End User Security
This paper details security risks, compromises, and options available to the average computer user. It includes specific discussions of encryption and password security. Analysis of a survey of
On improvements to password security
A technique to allow long password-phrases that makes an exhaustive search impracticable is presented, and a solution to eavesdropping problems using public-key cryptography is proposed.
Passblot: A Usable Way of Authentication Scheme to Generate One Time Passwords
One of the promising alternatives is Graphical password based authentication systems which if implemented properly are secure but not as easy to understand or learn.
Passwords and the evolution of imperfect authentication
Theory on passwords has lagged practice, where large providers use back-end smarts to survive with imperfect technology.
Proactive Password Checking
This paper presents generic requirements for a proactive password changer. It then examines two of the most popular, publicly-available programs to see how well they meet the requirements. Future
A survey of password mechanisms: Weaknesses and potential improvements. Part 2
A simple extension of the UNIX password system is described that permits the use of pass-phrases and several recommendations are presented for the improvement of password mechanisms.
An Assessment of the Oracle Password Hashing Algorithm
The algorithm used for generating password hashes is reviewed, and it is shown that the current mechanism presents a number of weaknesses, making it straightforward for an attacker with limited resources to recover a user's plaintext password from the hashed value.
A remote password authentication scheme based on the digital signature method
  • M. Hwang
  • Computer Science
  • Int. J. Comput. Math.
  • 1999
A remote password authentication scheme based on the digital signature methods is proposed that does not require the system to maintain a password file, and it can withstand attacks based on message replaying.
Password Authentication Without Using a Password Table
  • G. Horng
  • Computer Science
  • Inf. Process. Lett.
  • 1995
This paper proposes a password authentication scheme where the system keeps polynomials instead of a table for verification, and it is shown that the system is vulnerable to keep such a table.
Proofs of Security for the Unix Password Hashing Algorithm
The results show that the hashing algorithm is very good at extracting almost all of the available strength from the underlying cryptographic primitive and provide good reason for confidence in the Unix construction.


The UNIX Time-sharing System
UNIX is a general-purpose, interactive time-sharing operating system for the DEC PDP-11 and Interdata 8/32 computers. Since it became operational in 1971, it has become quite widely used. This paper
Communications November ACM Number
  • 1979
Proposed Federal Information Processing Data Encryption Standard
  • Federal Register (40FR12134)
  • 1975
The UNIX Time-Sharing System. Comm
  • 1974
U. S. Patent Number