Despite 22 years of educational efforts during Cybersecurity Awareness Month, the 2025 list of the most commonly used passwords still includes “123456,” “qwerty” and “password.” That’s why we should all thank Unix co-creator Ken Thompson and contributor Robert Morris for adding a dash of salt alongside the hash in password security. Learn more about how this innovation shaped modern cybersecurity in this edition of Tech Time Warp.
How a pinch of “salt” revolutionized password security
As described in depth in this 1979 paper, Thompson and Morris sought to secure the time-sharing system they were developing at Bell Laboratories. They tackled their challenge by thinking like “the bad guy.” Even among a cadre of top computer scientists, self-selected passwords were simple and relatively redundant—which meant it was necessary to hash the passwords, or use a mathematical formula to convert passwords into a complex code stored by the system. That sounds effective, except two users with the same passwords will have the same hashed result, which means the nefarious are only temporarily detained from figuring out a password, not locked out entirely.
A dash of “salt” changed the equation, though. Thompson and Morris added a unique string of characters—called the “salt”—to each password before hashing it, thereby enhancing the password’s security.
This cryptographic breakthrough was big, but in their paper, Thompson and Morris were upfront about other perennial cybersecurity risks that are much less exciting to tackle: “Although the security of a password encryption algorithm is an interesting intellectual and mathematical problem, it is only one tiny facet of a very large problem. In practice, physical security of the computer, communications security of the communications link, and physical control of the computer itself loom as far more important issues. Perhaps most important of all is control over the actions of ex-employees …” Wise words indeed.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: Hazal Ak / Shutterstock
This post originally appeared on Smarter MSP.