Goodbye to the Creator of the Password, And Also Goodbye to Passwords?


Non-interactive zero-knowledge (NIZK) proofs for the equality (EQ) of discrete logarithms (DL)

In May 2019, the creator of the password — Fernando Corbato — died at the age of 93. He also worked on time-sharing methods within the Massachusetts Institute of Technology (MIT).

But why do passwords even exist in this modern digital world, and why do we still send them to companies? They are at the root of privacy and digital security, but still, we blindly pass our secrets over to companies that we don’t quite trust.

The whole concept of passwords and of password hashing is a historical one, from a time when there was little thought of the global Internet that we have now. Initially we stored the password itself in a restricted place, and then we evolved to store a one-way version of the password: the hash. Unfortunately, the one-way function can be easily broken with either a dictionary attack or brute force. So then we added in salt, but the salt is stored with the hashed password, so it is not that difficult to create a dictionary attack on our password. Once discovered, the password could cause many problems, especially if the user has used the same password on many different systems.
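The point about salt can be checked with a small password-storage audit. This is an added example, not code from the original article; the function names, the wordlist and the sample password are constructed for illustration, and PBKDF2 is used here only as one common work-factor hash to compare against.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data: a tiny audit wordlist.
WORDLIST = ["123456", "letmein", "qwerty", "password1", "edinburgh"]

def salted_sha256(password: str, salt: bytes) -> bytes:
    """Fast salted hash: a single SHA-256 call per guess."""
    return hashlib.sha256(salt + password.encode()).digest()

def pbkdf2_sha256(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted hash with a work factor: `iterations` HMAC rounds per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_record(password: str, hash_fn):
    """Store (salt, hash) side by side, as a typical credential table does."""
    salt = os.urandom(16)
    return salt, hash_fn(password, salt)

def audit_record(record, hash_fn, wordlist=WORDLIST):
    """Check one stored record against a wordlist, as a password audit would.

    Returns (matching word or None, average seconds per guess).
    """
    salt, stored = record
    found = None
    start = time.perf_counter()
    for word in wordlist:
        # The salt is read straight from the record, so it adds no secrecy:
        # it only forces the work to be redone for every record.
        if hmac.compare_digest(hash_fn(word, salt), stored):
            found = word
    elapsed = time.perf_counter() - start
    return found, elapsed / len(wordlist)

if __name__ == "__main__":
    for name, fn in (("salted SHA-256", salted_sha256), ("PBKDF2", pbkdf2_sha256)):
        found, cost = audit_record(make_record("password1", fn), fn)
        print(f"{name}: matched {found!r}, {cost * 1e6:.1f} microseconds per guess")
```

Both formats give up the weak password; the salt only prevents one precomputed table from covering every user, and the work factor only raises the cost of each guess.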



Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
