#[1]prev [2]next [3]up [4]Atom

[5]leah blogs

  [6]« 32, 040, 0x20, 0b100000 [7]October 2019 [8]Merry Christmas! »

09oct2019 · [9]Ken Thompson's Unix password

  Somewhere around 2014 I found an [10]/etc/passwd file in some dumps of
  the BSD 3 source tree, containing passwords of all the old timers such
  as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and
  Bill Joy.

  Since the DES-based [11]crypt(3) algorithm used for these hashes is
  well known to be weak (and limited to at most 8 characters), I thought
  it would be an easy target to just crack these passwords for fun.

  Well known tools for this are [12]john and [13]hashcat.

  Quickly, I had cracked a fair deal of these passwords, many of which
  were very weak. (Curiously, bwk used /.,/.,, which is easy to type on a
  QWERTY keyboard.)

  However, kens password eluded my cracking endeavor. Even an exhaustive
  search over all lower-case letters and digits took several days (back
  in 2014) and yielded no result. Since the algorithm was developed by
  Ken Thompson and Robert Morris, I wondered what’s up there. I also
  realized, that, compared to other password hashing schemes (such as
  NTLM), crypt(3) turns out to be quite a bit slower to crack (and
  perhaps was also less optimized).

  Did he really use uppercase letters or even special chars? (A 7-bit
  exhaustive search would still take over 2 years on a modern GPU.)

  The topic [14]came up again earlier this month on [15]The Unix Heritage
  Society mailing list, and I [16]shared my results and frustration of
  not being able to break kens password.

  Finally, today this secret [17]was resolved by Nigel Williams:
From: Nigel Williams <[email protected]>
Subject: Re: [TUHS] Recovered /etc/passwd files

ken is done:

ZghOT0eRm4U9s:p/q2-q4!

took 4+ days on an AMD Radeon Vega64 running hashcat at about 930MH/s
during that time (those familiar know the hash-rate fluctuates and
slows down towards the end).

  This is a chess move in [18]descriptive notation, and the beginning of
  [19]many common openings. It fits very well to Ken Thompson’s
  [20]background in computer chess.

  I’m very happy that this mystery has been solved now and I’m pleased of
  the answer.

  [Update 16:29: fix comment on chess.]

  NP: Mel Stone—By Now


   Copyright © 2004–2019 [21]Leah Neukirchen

References

  1. https://leahneukirchen.org/blog/archive/2019/08/32-040-0x20-0b100000.html
  2. https://leahneukirchen.org/blog/archive/2019/12/merry-christmas.html
  3. https://leahneukirchen.org/blog/archive/2019/10.html
  4. https://leahneukirchen.org/blog/index.atom
  5. https://leahneukirchen.org/blog/
  6. https://leahneukirchen.org/blog/archive/2019/08/32-040-0x20-0b100000.html
  7. https://leahneukirchen.org/blog/archive/2019/10.html
  8. https://leahneukirchen.org/blog/archive/2019/12/merry-christmas.html
  9. https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password.html
 10. https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd
 11. https://minnie.tuhs.org/cgi-bin/utree.pl?file=V7/usr/man/man3/crypt.3
 12. https://www.openwall.com/john/
 13. https://hashcat.net/wiki/
 14. https://inbox.vuxu.org/tuhs/tqkjt9nn7p9zgkk9cm9d@localhost/T/#m160f0016894ea471ae02ee9de9a872f2c5f8ee93
 15. https://www.tuhs.org/
 16. https://inbox.vuxu.org/tuhs/87bluxpqy0.fsf@vuxu.org/
 17. https://inbox.vuxu.org/tuhs/CACCFpdx_6oeyNkgH_5jgfxbxWbZ6VtOXQNKOsonHPF2[email protected]/
 18. https://en.wikipedia.org/wiki/Descriptive_notation
 19. https://en.wikibooks.org/wiki/Chess_Opening_Theory/1._d4
 20. https://www.chessprogramming.org/index.php?title=Ken_Thompson
 21. mailto:[email protected]

You are viewing proxied material from 1436.ninja. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.