I was going through the paper [Password Security: A Case History][1] by Robert Morris and Ken Thompson on authentication. It is mentioned in the *First Scheme* that the first encryption used the M-209, in which they used the user password as the key.

The respective excerpt is,

> Most of the standard encryption methods used (in the past) for
> encryption of messages are rather easy to invert. A convenient and
> rather good encryption program happened to exist on the system at the
> time; it simulated the M-209 cipher machine [1] used by the U.S. Army
> during World War II. It turned out that the M-209 program was usable,
> but with a given key, the ciphers produced by this program are trivial
> to invert. It is a much more difficult matter to find out the key
> given the cleartext input and the enciphered output of the program.
> Therefore, the password was used not as the text to be encrypted but
> as the key, and a constant was encrypted using this key. The encrypted
> result was entered into the password file.

As I read further about the M-209, it seems like the key wheel can have 6 wheels, in which we can set/unset a specific alphabet.

There are some constraints here,
- Only alphabets can be used in the key.
- They are case insensitive.
- Not all the wheels contain all the alphabets that are needed.

Given these constraints, any idea what constraints were imposed on the passwords by the first-generation encryption of the password?

[1]: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.128.1635&rep=rep1&type=pdf