←back to thread

5 points Tomte | 1 comments | | HN request time: 0.205s | source
Show context
Terr_ ◴[] No.42202055[source]
> As a result of Morris and Thompson’s recommendations [of one-way hashing] and those who believed their assumptions without evidence, it was not until well into the 21st century that the scientific community learned just how ineffective password policies were.

Not sure about where the "scientific" community boundaries are, but I'm pretty sure that even in the pre-21st decades it was no secret among system administrators. They knew their users erred towards the most terrible passwords the system would permit.

replies(1): >>42202510 #
1. eesmith ◴[] No.42202510[source]
Yes, they knew it was a problem because tools like John the Ripper, a password cracking software tool, were developed in the 1990s and showed that a lot of people used easily cracked passwords. (I mention that one because it's one I used back then, as a part-time sys admin.)

The part which makes the text correct (or at least "technically correct") is "just how ineffective". Password crackers couldn't analyze the uncracked passwords to tell you how effective they actually were, leaving doubt.