From the FreeBSD Handbook (http://www.freebsd.org/doc/en/books/handbook/crypt.html):
14.4 DES, Blowfish, MD5, and Crypt
Unfortunately the only secure way to encrypt passwords when
UNIX came into being was based on DES, the Data Encryption
I believe the above is not accurate. According to Password Security: A Case History, Morris and Thompson write in their PROLOGUE:
The UNIX system was first implemented with a password file
that contained the actual passwords of all the users....
Later, under THE FIRST SCHEME, Morris and Thompson write:
A convenient and rather good encryption program happened to
exist on the system at the time; it simulated the M-209 cipher
machine used by the U.S. Army during World War II. It turned
out that the M-209 program was usable, but with a given key,
the ciphers produced by this program are trivial to invert. ...
the password was used not as the text to be encrypted but as
the key, and a constant was encrypted using this key.
I'm a big fan of history, and others might also find Morris and Thompson's history of the Unix password system interesting.
Baltimore, MD, US
Take this PR.
I think this issue is obsolete after the recent overhaul of Chapter 14 - Security. Agree? I am unable to find the quoted text in HEAD.
For bugs that match the following
- Status Is In progress
- Untouched since 2018-01-01.
- Affects Base System OR Documentation
Reset to open status.
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
The text in question was removed with the rewrite of the security section in r43744.