By Robert McMillan, wired.com | Published a day ago 作者 罗伯特·麦克米伦(Robert McMillan),wired.com
Fernando Corbató at MIT in the 1960s. Was MIT\'s CTSS computer the first one to use passwords? 费尔南多·科巴托(Fernando Corbató)在MIT,上世纪六十年代。CTSS计算机是否密码的第一个使用者? If you’re like most people, you’re annoyed by passwords. You’ve got dozens to remember — some of themtortuously complex — and on any given day, as you read e-mails, send tweets, and order groceries online, you’re bound to forget one, or at least mistype it. You may even be one of those unfortunate people who’ve had a password stolen, thanks to the dodgy security on the machines that store them. 如果你跟大多数人一样的话,一定会对密码感到烦恼。有一打的密码要记—其中有些复杂到啰嗦的程度—在任何一天中,每当你读邮件、发微博,或者是在线订购食品,你一定会忘记或者起码敲错一个密码。由于存放密码机器那不靠谱的安全性,你也许甚至会是那些不走运的密码被盗者中的一员。 But who’s to blame? Who invented the computer password? 不过该怪谁呢?是谁发明了计算机密码? Like the invention of the wheel or the story of the doorknob, the password’s creation is shrouded in the mists of history. Romans used them. Shakespeare kicks off Hamlet with one — “Long live the King” — when Bernardo must prove he’s a loyal soldier of the King of Denmark. But where did the first computer password show up? 正如轮子的发明以及门把手的故事一样,密码的创造也为历史的迷雾所掩盖。罗马人使用了密码。莎士比亚首先让哈姆雷特的“国王万岁”开了先河—当贝尔纳多(Bernardo)必须证明自己是丹麦国王的一位忠诚的士兵时。但是,第一个计算机密码是在哪里出现的呢? It probably arrived at the Massachusetts Institute of Technology in the mid-1960s, when researchers at the university built a massive time-sharing computer called CTSS. The punchline is that even then, passwords didn’t protect users as well as they could have. Technology changes. But, then again, it doesn’t. 它有可能在二十世纪六十年代出现于麻省理工学院(Massachusetts Institute),那时候该大学的研究人员正在建设一台名为CTSS的大规模分时计算机。最搞笑的是,即便在那个时候密码也没有如理应那般保护用户。技术发展了。不过再一次地,密码依然未能保护用户。 Nearly all of the computer historians contacted by Wired in the past few weeks said that the first password must have come from MIT’s Compatible Time-Sharing System. In geek circles, it’s famous. CTSS pioneered many of the building blocks of computing as we know it today: things like e-mail, virtual machines, instant messaging, and file sharing. 在过去几周里,几乎所有连线杂志所联络的计算机历史学家均称第一个计算机密码来自于MIT的兼容分时系统(Compatible Time-Sharing System)。该系统在极客的圈子里是很出名的。CTSS是许多我们今天所熟知的计算建构模块—像电子邮件、虚拟机器、即时通信以及文件共享的先驱。 Fernando Corbató — the man who shepherded the CTSS project back in the mid-1960s — is a little reluctant to take credit. “Surely there must be some antecedents for this mechanism,” he told us, before questioning whether the CTSS was beaten to the punch by IBM’s $30 million Sabre ticketing system, a contraption built in 1960, back when $30 million could buy you a handful of jetliners. But when we contacted IBM, it wasn’t sure. 回到上世纪六十年代,费尔南多·科巴托—这位领导CTSS项目的人,有点不太情愿接受这份荣誉。“当然这个机制肯定有某种来历,”在质疑CTSS是否被IBM那3000万美元的Sabre售票系统击败之前,他这样告诉我们。后者是在上世纪六十年代建造的一个非常精妙的装置,那时候3000万美元可是能够让你买上几架喷气客机的。不过当我们联络IBM时,他们并未肯定。 According to Corbató, even though the MIT computer hackers were breaking new ground with much of what they did, passwords were pretty much a no-brainer. “The key problem was that we were setting up multiple terminals which were to be used by multiple persons but with each person having his own private set of files,” he told Wired. “Putting a password on for each individual user as a lock seemed like a very straightforward solution.” 据科巴托说,虽然MIT的计算机黑客的大部分的工作都开辟着新领域,但密码的出炉却是一件相当不需要动脑的事。“关键问题是我们正在设置供多人使用的多台终端,但是每个人都有一组个人私有的文件,”他告诉连线说:“为每个人设立一个密码当做锁看起来似乎是非常直观的解决方案。” Back in the ’60s, there were other options, according to Fred Schneider, a computer science professor at Cornell University. The CTSS guys could have gone for knowledge-based authentication, where instead of a password, the computer asks you for something that other people probably don’t know — your mother’s maiden name, for example. 据康奈尔大学的计算机科学教授弗雷德·施耐德(Fred Schneider)所言,回到上世纪六十年代那时候,当时还存在着其他的选项。CTSS的那帮家伙本来也可以选择基于知识的验证而不是密码的,那种方式下计算机会询问你一些别人可能不知道的东西—比方说,你妈妈的婚前姓。 But in the early days of computing, passwords were surely smaller and easier to store than the alternative, Schneider says. A knowledge-based system “would have required storing a fair bit of information about a person, and nobody wanted to devote many machine resources to this authentication stuff.” 但是,在计算机技术发展的早期日子里,密码当然要比替代方案更小巧、更容易存储,施耐德说。一个知识系统“将会需要存储有关一个人的相当一部分信息,没有人愿意贡献许多的机器资源给验证这件事情。” The irony is that the MIT researchers who pioneered the passwords didn’t really care much about security. CTSS may also have been the first system to experience a data breach. One day in 1966, a software bug jumbled up the system’s welcome message and its master password file so that anyone who logged in was presented with the entire list of CTSS passwords. But that’s not the good story. 令人讽刺的是,倡导了密码的MIT研究人员对于安全实际上并没有太多的关心。CTSS有可能还是第一个经历过数据破坏的系统。1966年的一天,一个软件缺陷将该系统的欢迎信息和主密码文件混到了一起,使得登录进去的任何人都能看到整个CTSS密码的清单。不过这可不是一个好故事。 Twenty-five years after the fact, Allan Scherr, a Ph.D. researcher at MIT in the early ’60s, came clean about the earliest documented case of password theft. 此事发生的25年之后,艾伦·谢尔(Allan Scherr),MIT上个世纪六十年代早期的博士研究员和盘托出了这一有记录的最早的密码被窃案。 In the spring of 1962, Scherr was looking for a way to bump up his usage time on CTSS. He had been allotted four hours per week, but it wasn’t nearly enough time to run the detailed performance simulations he’d designed for the new computer system. So he simply printed out all of the passwords stored on the system. 1962年春天,谢尔正在寻找提升其CTSS使用时间的途径。他每周被配给了4个小时,但是对于运行他设计用于新计算机系统的详细性能模拟来说,这点时间仍未足够。因此,他就把存在系统上的所有密码都打印了出来。 “There was a way to request files to be printed offline by submitting a punched card,” he remembered in apamphlet written last year to commemorate the invention of the CTSS. “Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing.” “有一种办法可以申请离线打印文件,即提交一张穿孔卡,”他在去年写的一本纪念CTSS发明的小册子中回忆道:“星期五晚很晚的时候,我提交了一分密码文件的打印请求,然后在星期六很早的时候就来到打印文本所在的文件柜取走了那份清单。” To spread the guilt around, Scherr then handed the passwords over to other users. One of them — J.C.R. Licklieder — promptly started logging into the account of the computer lab’s director Robert Fano, and leaving “taunting messages” behind. 为了让自己的罪行扩散,谢尔还把密码分发给了其他的用户。林克德尔(J.C.R. Licklieder),他们当中的一位,立刻开始登录进计算机实验室主任罗伯特·费诺(Robert Fano)的账号,并留下了“嘲弄的信息”。 Scherr left MIT in May 1965 to take a job at IBM, but 25 years later he confessed to Professor Fano in person. “He assured me that my Ph.D. would not be revoked.” 1965年5月,谢尔离开了MIT并在IBM找了一份工作,不过25年后,他独自向费诺教授进行了坦白。“他向我保证,我的博士头衔不会被撤销。” Photograph by MIT museum 供图:MIT博物馆 |
|
|
![\"The](http://select./view/40226/\"http://static./assets/2012/01/mit-lab-4f2327d-intro-thumb-640xauto-29794.jpg\")
