When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?
# 1  
Old 03-09-2012
When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the requirements are that passwords not be displayed when you type it as you log in, and that passwords not be stored in clear text. Can anyone point me to some documentation saying either that UNIX has never done those things, or when UNIX (AIX, specifically, but other flavors might be helpful later on) stopped doing those things?
# 2  
Old 03-09-2012
Something like that you want ?

Code:
#!/bin/bash
# secret-pw.sh: secret password
echo
echo -n "Enter password "
read passwd
echo "password is $passwd"
echo -n "If someone had been looking over your shoulder, "
echo "your password would have been compromised."
echo && echo # Two line-feeds in an "and list."
stty -echo # Turns off screen echo.
echo -n "Enter password again "
read passwd
echo
echo "password is $passwd"
echo
stty echo

# 3  
Old 03-09-2012
I've used many flavours of unix since 1980 and Linux since 1992, I have yet to see one that echos anything back to the screen.

Here is the link to RFC86 which was the Pluggable Authentication Modules, but I can say that before that I had never seen a password echoed on any of the many versions that I had worked with.

These included DG's MVUX and DGUX, Dynix, Olivetti Unix, CT Unix and a number of others.

Last edited by gull04; 03-09-2012 at 12:32 PM.. Reason: Typo
# 4  
Old 03-09-2012
Research the crypt function for details on how UNIX password encryption worked historically, and the shadow system for when they moved that out of /etc/passwd completely.

UNIX as its now known never stored passwords in plaintext, that would be preposterous. /etc/passwd must be world-readable, they must be protected in some way. They didn't just encrypt the passwords, they encrypted them irretrievably. Not even the operating system can tell what the hashes are supposed to mean. Instead, when you login, it takes a hash of what you typed and compares the result to see if it's identical to the hash stored in /etc/passwd. If they match, you login.

There turned out to be vulnerabilities in letting everyone see all the hashes. If you happen to have the same password as someone else, you might notice the identical hash, something they fixed with a random salt which obscures the hashes from being checked quite so easily. Still, however, you can't go backwards from a hash, but you can check a thousand strings from a dictionary and all 256 of their salts to see if any of them become that same hash. They took measures to make crypt() too unwieldy to do that quickly, but advances in computing soon made it not unwieldy enough, and the password hashes were split out into a "shadow" file, which is only readable by root.

The old-fashioned UNIX crypt() algorithm is is mostly obsolete, now, but has been extended to allow other kinds of encryption in the same sort of stored hash.

As for echoing back to the screen, UNIX terminal control is also about as old as UNIX itself -- what else would they control them with back then? I suspect the ability to turn off echo predates UNIX, even.

Last edited by Corona688; 03-09-2012 at 12:43 PM..
# 5  
Old 03-09-2012
Hi.

Note also that the original terminal for UNIX (TM) was in fact a teletype -- a TTY. That, and many hardcopy devices, would always show the text as it was typed in, so the 8 character-space for the password was obscured beforehand with a series of over-strikes, so that it was very difficult to see what had been typed by the human. Still the NSA could ... but that's a different story, eh? Smilie ... cheers, drl
This User Gave Thanks to drl For This Post:
# 6  
Old 03-09-2012
Quote:
I suspect the ability to turn off echo predates UNIX, even.
It certainly does.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to change passwords for User accounts on multiple UNIX/Linux machines remotely?

Hello Experts, Need some direction on creating shell script for following environment: We have about 20 people in the team working as Oracle DBA's (sysdba's and appdba's). Total Servers which is a mix of Unix and Linux are 200. We do not have Root user access on any of the servers and... (3 Replies)
Discussion started by: sha2402
3 Replies

2. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

3. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

4. Cybersecurity

how to Hide Passwords From UNIX ps Command

Hi, By reporting the process status with ps, any Unix user will see the command line arguments #ps -ef UID PID PPID C STIME TTY TIME CMD lsc 13837 13825 0 May 11 pts/17 0:01 -ksh oracle 4698 6294 0 12:00:40 ? 0:00 sqlplus -s system/manager appluser 4229 4062 0 12:00:03... (2 Replies)
Discussion started by: bhagirathi
2 Replies

5. Shell Programming and Scripting

Script to Check for Unix/Linux Passwords

We have almost 100+ Unix/Linux servers, on which I have account. Does anybody have a batch script which can do the following : - check if my password is correct - change my password We use SFTP/SSH on Linux. The solution should force reading of password from command line. ( Passwordless... (1 Reply)
Discussion started by: lucknowm
1 Replies

6. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

7. UNIX for Advanced & Expert Users

About unix passwords.

How the unix is maintaining the password ? How it does the encryption and how the passwords are stored in the system and where it is stored ? How it is better when compared to other OS ? (1 Reply)
Discussion started by: nagalenoj
1 Replies

8. UNIX for Dummies Questions & Answers

Unix passwords?

The local policy is set in our LAN so that passwords have to be 8 characters and contain a capital letter, a small letter and a special character. Is Unix able to restrict users passwords to certain lengths and characters. (1 Reply)
Discussion started by: wmosley2
1 Replies

9. Solaris

Urgent !!! - Script to Change passwords in unix

I have SunOs 5.8. I need to change password using a unix shell script. I have tried to pipe the passwords to the passwd command but does not work. Pls provide a script to change passwds of a list of users using a shell script. ( I have also tried crypt() but did not work) The flow of the... (2 Replies)
Discussion started by: tofani
2 Replies
Login or Register to Ask a Question