#[1]prev [2]next [3]up [4]Atom [5]leah blogs [6]« 32, 040, 0x20, 0b100000 [7]October 2019 [8]Merry Christmas! » 09oct2019 · [9]Ken Thompson's Unix password Somewhere around 2014 I found an [10]/etc/passwd file in some dumps of the BSD 3 source tree, containing passwords of all the old timers such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy. Since the DES-based [11]crypt(3) algorithm used for these hashes is well known to be weak (and limited to at most 8 characters), I thought it would be an easy target to just crack these passwords for fun. Well known tools for this are [12]john and [13]hashcat. Quickly, I had cracked a fair deal of these passwords, many of which were very weak. (Curiously, bwk used /.,/.,, which is easy to type on a QWERTY keyboard.) However, kens password eluded my cracking endeavor. Even an exhaustive search over all lower-case letters and digits took several days (back in 2014) and yielded no result. Since the algorithm was developed by Ken Thompson and Robert Morris, I wondered what’s up there. I also realized, that, compared to other password hashing schemes (such as NTLM), crypt(3) turns out to be quite a bit slower to crack (and perhaps was also less optimized). Did he really use uppercase letters or even special chars? (A 7-bit exhaustive search would still take over 2 years on a modern GPU.) The topic [14]came up again earlier this month on [15]The Unix Heritage Society mailing list, and I [16]shared my results and frustration of not being able to break kens password. Finally, today this secret [17]was resolved by Nigel Williams: From: Nigel Williams Subject: Re: [TUHS] Recovered /etc/passwd files ken is done: ZghOT0eRm4U9s:p/q2-q4! took 4+ days on an AMD Radeon Vega64 running hashcat at about 930MH/s during that time (those familiar know the hash-rate fluctuates and slows down towards the end). This is a chess move in [18]descriptive notation, and the beginning of [19]many common openings. It fits very well to Ken Thompson’s [20]background in computer chess. I’m very happy that this mystery has been solved now and I’m pleased of the answer. [Update 16:29: fix comment on chess.] NP: Mel Stone—By Now Copyright © 2004–2019 [21]Leah Neukirchen References 1. https://leahneukirchen.org/blog/archive/2019/08/32-040-0x20-0b100000.html 2. https://leahneukirchen.org/blog/archive/2019/12/merry-christmas.html 3. https://leahneukirchen.org/blog/archive/2019/10.html 4. https://leahneukirchen.org/blog/index.atom 5. https://leahneukirchen.org/blog/ 6. https://leahneukirchen.org/blog/archive/2019/08/32-040-0x20-0b100000.html 7. https://leahneukirchen.org/blog/archive/2019/10.html 8. https://leahneukirchen.org/blog/archive/2019/12/merry-christmas.html 9. https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password.html 10. https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd 11. https://minnie.tuhs.org/cgi-bin/utree.pl?file=V7/usr/man/man3/crypt.3 12. https://www.openwall.com/john/ 13. https://hashcat.net/wiki/ 14. https://inbox.vuxu.org/tuhs/tqkjt9nn7p9zgkk9cm9d@localhost/T/#m160f0016894ea471ae02ee9de9a872f2c5f8ee93 15. https://www.tuhs.org/ 16. https://inbox.vuxu.org/tuhs/87bluxpqy0.fsf@vuxu.org/ 17. https://inbox.vuxu.org/tuhs/CACCFpdx_6oeyNkgH_5jgfxbxWbZ6VtOXQNKOsonHPF2=747ZOw@mail.gmail.com/ 18. https://en.wikipedia.org/wiki/Descriptive_notation 19. https://en.wikibooks.org/wiki/Chess_Opening_Theory/1._d4 20. https://www.chessprogramming.org/index.php?title=Ken_Thompson 21. mailto:leah@vuxu.org