Immediately after switching the page, it will work with CSR.
Please reload your browser to see how it works.
The citations for password hashing need to include Roger Needham, who invented it in the late 1960s, as reported by Wilkes in 1973. https://onlinelibrary.wiley.com/doi/10.1002/spe.4380030404
Password cracking took off in a big way with Alec Muffett’s `crack` in 1991 https://en.wikipedia.org/wiki/Crack_(password_software) which was written to do the research on password strength that Stuart Schechter wanted. It became obvious right away that many passwords were weak.
Stuart’s suggestion to encrypt passwords using RSA (so that they could be analysed by the holder of the private key) is cunning, but it would not have had the effect that Stuart expected. Crack was around and demonstrating the problem for decades before password policies changed.
It’s also not true that password hashing was universal after the 1970s. There were lots of systems that stored them in the clear, in particular to support challenge-response authentication (eg NETBIOS). There was a period roughly covering the 1990s where networks were unencrypted (so basic password authentication was very weak) and passwords were no longer stored in world-readable files on timesharing servers. It seemed reasonable then to keep passwords in the clear — but we soon learned that password database leaks are common despite our best efforts, and that was not widely recognised until years into this century.
So for those two reasons I think Stuart’s argument is wrong about the reason that password policies remained so boneheaded for so long. There was no lack of evidence of the ways in which passwords were weak — not just from `crack`, but also plenty of reports about how users react to password reset policies by making their passwords weaker — so hashed password storage was not preventing researchers from analysing the issue.