Pre par godina je na nekom backup-u nađen stari etc/password fajl iz prve verzije BSD 3 Unix-a, i tu su lozinke ljudi koji su ga pravili, između ostalih i velikih imena kao što su Brian W. Kernighan, Dennis Ritchie, Ken Thompson, Bill Joy (osnivač SUN-a), Steve Bourne (tvorac bourne shell-a)...

I od tad razni hakeri pokušavaju da grubom silom nađu koje su password-e dotični koristili. Danas je "pao" Ken Thompson, čiji je password bio p/q2-q4! što je u nekoj opskurnoj šahovskoj notaciji oznaka za "kraljičin pion dva polja unapred", što bismo mi rekli d2d4, uvod u damin gambit i neka druga otvaranja... Što ima logike jer se Thompson bavio i šahovskim programima.

Evo svih password-a, za sada se još "drži" Bill Joy čija lozinka nije provaljena.

root:OVCPatZ8RFmFY:Ernie Co-vax --> cowperso

daemon:*:The devil himself --> (login not allowed)

bill:.2xvLVqGHJm8M:Bill Joy --> (password still unknown)

ozalp:m5syt3.lB5LAE:Ozalp Babaoglu --> 12ucdort

sklower:8PYh/dUBQT9Ss:Keith Sklower --> theik!!!

kridle:4BkcEieEtjWXI:Bob Kridle --> jilland1

kurt:olqH1vDqH38aw:Kurt Shoens --> sacristy

schmidt:FH83PFo4z55cU:Eric Schmidt --> wendy!!!

hpk:9ycwM8mmmcp4Q:Howard Katseff --> graduat;

tbl:cBWEbG59spEmM:Tom London --> ..pnn521

jfr:X.ZNnZrciWauE:John Reiser --> 5%ghj

mark:Pb1AmSpsVPG0Y:Mark Horton --> uio

dmr:gfVwhuAMF0Trw:Dennis Ritchie --> dmac

ken:ZghOT0eRm4U9s:Ken Thompson --> p/q2-q4!

sif:IIVxQSvq1V9R2:Stuart Feldman --> axolotl

scj:IL2bmGECQJgbk:Steve Johnson --> pdq;dq

pjw:N33.MCNcTh5Qw:Peter J. Weinberger --> uucpuucp

bwk:ymVglQZjbWYDE:Brian W. Kernighan --> /.,/.,

uucp:P0CHBwE/mB51k:UNIX-to-UNIX Copy --> whatnot

srb:c8UdIntIZCUIA:Steve Bourne --> bourne

finger::The Finger Program --> (no pw but runs a program, not a login shell)

who::The Who Program --> (no password but runs a program, not a login shell)

w::The W Program --> (no password but runs a program, not a login shell)

mckusick:AAZk9Aj5/Ue0E:Kirk McKusick --> foobar

peter:Nc3IkFJyW2u7E:Peter Kessler -- ...hello

henry:lj1vXnxTAPnDc:Robert Henry --> sn74193n

jkf:9ULn5cWTc0b9E:John Foderaro --> sherril.

fateman:E9i8fWghn1p/I:Richard Fateman --> apr1744

fabry:d9B17PTU2RTlM:Bob Fabry --> 561cml..

network:9EZLtSYjeEABE:(no name listed) --> network (runs a program, not a login shell)

tty:: --> (no password but runs a program, not a login shell)

Najgori od sve dece :) je Steve Bourne koji je za lozinku izabrao... bourne. Nije mnogo bolji ni Brian Kernighan koji je koristio /.,/., radi lakšeg kucanja. Ili Dennis Ritchie, koji je stavio dmac. Neki su koristili datum rođenja (Fateman), imena žena/devojaka (jilland1, wendy!!!, sherril.), neku običnu reč tipa whatnot, foobar, hello)... Od boljih pokušaja, Robert Henry je koristi sn74193n što je binarni counter na 7400 familiji čipova, Stuart Feldman je stavio axolotl što je nekakva meksička amfibija koju zovu "hodajuća riba", a Ozalp Babaoglu - ko god da je to, ali očito Turčin - je koristio 12ucdort što je 1, 2, 3, 4 na turskom jeziku :)

Pa sad vi vidite koji password koristite, možda će - kad postanete slavni - kroz 50 godina neko naći backup vašeg kompjutera pa tadašnjim daleko bržim mašinama krekovati vaš hash...

Pozdrav, Dejan

https://leahneukirchen.org/blog/archive/2019/10/ken-thompson-s-unix-password...

09oct2019 · Ken Thompson's Unix password

Somewhere around 2014 I found an https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd /etc/passwd file in some dumps of the BSD 3 source tree, containing passwords of all the old timers such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy.

Since the DES-based https://minnie.tuhs.org/cgi-bin/utree.pl?file=V7/usr/man/man3/crypt.3 crypt(3) algorithm used for these hashes is well known to be weak (and limited to at most 8 characters), I thought it would be an easy target to just crack these passwords for fun.

Well known tools for this are https://www.openwall.com/john/ john and https://hashcat.net/wiki/ hashcat.

Quickly, I had cracked a fair deal of these passwords, many of which were very weak. (Curiously, bwk used /.,/.,, which is easy to type on a QWERTY keyboard.)

However, kens password eluded my cracking endeavor. Even an exhaustive search over all lower-case letters and digits took several days (back in 2014) and yielded no result. Since the algorithm was developed by Ken Thompson and Robert Morris, I wondered what’s up there. I also realized, that, compared to other password hashing schemes (such as NTLM), crypt(3) turns out to be quite a bit slower to crack (and perhaps was also less optimized).

Did he really use uppercase letters or even special chars? (A 7-bit exhaustive search would still take over 2 years on a modern GPU.)

The topic https://inbox.vuxu.org/tuhs/tqkjt9nn7p9zgkk9cm9d@localhost/T/#m160f0016894ea471ae02ee9de9a872f2c5f8ee93 came up again earlier this month on https://www.tuhs.org/ The Unix Heritage Society mailing list, and I https://inbox.vuxu.org/tuhs/87bluxpqy0.fsf@vuxu.org/ shared my results and frustration of not being able to break kens password.

Finally, today this secret https://inbox.vuxu.org/tuhs/CACCFpdx_6oeyNkgH_5jgfxbxWbZ6VtOXQNKOsonHPF2=747ZOw@mail.gmail.com/ was resolved by Nigel Williams:

From: Nigel Williams <nw@retrocomputingtasmania.com mailto:nw@retrocomputingtasmania.com > Subject: Re: [TUHS] Recovered /etc/passwd files

ken is done:

ZghOT0eRm4U9s:p/q2-q4!

took 4+ days on an AMD Radeon Vega64 running hashcat at about 930MH/s during that time (those familiar know the hash-rate fluctuates and slows down towards the end).

This is a chess move in https://en.wikipedia.org/wiki/Descriptive_notation descriptive notation, and the beginning of https://en.wikibooks.org/wiki/Chess_Opening_Theory/1._d4 many common openings. It fits very well to Ken Thompson’s https://www.chessprogramming.org/index.php?title=Ken_Thompson background in computer chess.

I’m very happy that this mystery has been solved now and I’m pleased of the answer.

[Update 16:29: fix comment on chess.]

NP: Mel Stone—By Now

Sent from my iPad 2018