    /etc/passwd: The File That Put Passwords Where Everyone Could Read Them

    Early Unix stored user passwords — hashed, yes, but still — in /etc/passwd, a file that every user on the system could read. The logic seemed sound at the time: hashes aren’t passwords, right? Then faster hardware arrived, and so did John the Ripper. The scramble to move actual password hashes to /etc/shadow — readable only by root — was well underway by the late 1980s and early 1990s, and yet many systems kept the old insecure layout for years afterward out of sheer inertia. /etc/passwd itself still exists on every Unix system today, now a harmless roster of usernames and shells — a monument to the optimistic security assumptions of an era when the internet was a polite neighbourhood and no one imagined anyone would be unpleasant.
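
The layout described above can be audited by inspecting the second field of each /etc/passwd entry: `x` means the hash lives in the shadow file, anything else means it does not. The Python below is an added example, not part of the original article; the sample entries, the placeholder hash and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format; the hash is a placeholder.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:aaCONSTRUCTED:1000:1000:Alice:/home/alice:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

def audit_passwd(text):
    """Return (user, finding) pairs for entries whose password field
    is not delegated to the shadow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "x":
            continue  # hash is kept in the shadow file
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw[0] in "*!":
            continue  # locked: no password can match
        else:
            findings.append((user, "hash stored in world-readable file"))
    return findings

def world_readable(path):
    """True if the 'other' read bit is set on path."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    for user, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {finding}")
    # On a real system the shadow file should not be world-readable.
    for path in ("/etc/passwd", "/etc/shadow"):
        if os.path.exists(path):
            print(path, "world-readable:", world_readable(path))
```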