Blog

Initially computer did not have password and totally relied on physical security

Initially computer did not have password and totally relied on physical security. Development of shared network like MIT’s Compatible Time-Sharing System (CTSS) in 1961 led to need of password. (TrusedSec, 2015)CTSS was a computer engineered for multiple users. During 1962, CTSS got bugged when the instruction XEC was entered by Allan Scherr, which infected the system’s master password profile. So on every session when the user logs in, the list of all CTSS user passwords gets displayed. (Vleck, 1995-2017). Scherr printed out those password offline using punchcard and shared those password to other users. And this became the first computer-related security breach. (WIRED, 2018)

During the 1970s, UNIX developers saw the importance of password security. UNIX Operating system’s 6th edition implements a password cipher that simulates the M-209 cipher machine which was used in World War II. The cipher uses the encryption key as a password instead of plain text. The encryption key help to increase the password security of M-209 cipher. (SANS Institute, 2014)
During 1978 a study was done by Robert Morris calculating on the basis of the average password length used at the time he calculated that it would take 318 hours for a key brute force dictionary attack against 62 alphanumerical characters (SANS Institute, 2014)