Ken Thompson's Unix Password

Sometime in 2014, in the dumps of the BSD 3 source tree, I found the /etc/passwd file with the passwords of all the veterans, such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy.

For these hashes, the DES-based crypt(3) algorithm was used, known for its weakness (and with a maximum password length of 8 characters). So I thought it would be easy to crack these passwords for fun.

We take the standard crackers john and hashcat.

Pretty quickly I cracked a lot of passwords, most of which were very weak (it is curious that bwk used the password /.,/.,, - it is easy to type on the QWERTY keyboard).

But Ken's password did not give in to cracking. Even a complete search of all lowercase letters and numbers (a few days in 2014) did not give a result. Since the algorithm was developed by Ken Thompson and Robert Morris, I was wondering what was the matter. I also realized that, compared to other password hashing schemes such as NTLM, crypt(3) is pretty slow (maybe less optimized).

Did he use uppercase letters or even special characters? (A 7-bit full brute force will take more than two years on a modern GPU).

In early October, this topic was again raised on the Unix Heritage Society mailing list, and I shared my results and the disappointment that I could not crack Ken’s password.

Finally, today Nigel Williams revealed this secret:

From: Nigel Williams <nw@retrocomputingtasmania.com>
Subject: Re: [TUHS] File Recovery /etc/passwd

Ken is ready:

ZghOT0eRm4U9s:p/q2-q4!

It took more than four days on the AMD Radeon Vega64 in hashcat at about 930MH/s (aware that the hash rate fluctuates and decreases towards the end).

This is the first two-pawn move in descriptive notation and the beginning of many typical openings, which fits very well into Ken Thompson's computer chess background.

I am very glad that the secret was resolved, and the result is so pleasant.
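As an added example (not code from this post or from the mailing list), here is a Python audit that flags traditional DES crypt(3) hashes in a passwd-format file and estimates the worst-case exhaustive-search time under the 8-character limit at the 930 MH/s figure quoted above. Apart from Ken's hash, the sample entries are constructed, and a constant hash rate is assumed.

```python
import re

# Traditional DES crypt(3): 2-char salt + 11-char digest, alphabet ./0-9A-Za-z
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
MAX_LEN = 8      # traditional crypt(3) ignores everything after the 8th character
RATE = 930e6     # hashes/second, the figure quoted in the e-mail (assumed constant)

def keyspace(alphabet_size, max_len=MAX_LEN):
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def worst_case_days(alphabet_size, rate=RATE):
    """Days needed to exhaust the whole keyspace at a constant hash rate."""
    return keyspace(alphabet_size) / rate / 86400

def find_des_hashes(passwd_text):
    """Return (user, salt) for every entry whose hash field is DES crypt."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and DES_CRYPT.fullmatch(fields[1]):
            hits.append((fields[0], fields[1][:2]))
    return hits

# Constructed sample: only ken's hash comes from the page, all other fields are made up.
SAMPLE = """\
ken:ZghOT0eRm4U9s:52:10:constructed entry:/usr/ken:/bin/sh
alice:$6$c0nstructed$notarealdigest:1000:1000::/home/alice:/bin/sh
svc:*:99:99::/nonexistent:/bin/false
"""

if __name__ == "__main__":
    for user, salt in find_des_hashes(SAMPLE):
        print(f"{user}: legacy DES crypt hash (salt {salt!r}), rehash with a modern scheme")
    # 128 is an upper bound for "7-bit": it counts every 7-bit value per character.
    for name, size in [("lowercase+digits", 36), ("printable ASCII", 95), ("7-bit", 128)]:
        print(f"{name:17s} {worst_case_days(size):8.2f} days worst case")
```

Any entry this flags is capped at 56 bits of password input regardless of what the user chose, so the remedy is migrating the account to a modern hashing scheme rather than asking for a longer password.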

Source: https://habr.com/ru/post/470966/

