Submitted via IRC for Bytram
Father of Unix Ken Thompson checkmated as his old password has finally been cracked
Back in 2014, developer Leah Neukirchen found an /etc/passwd file among a file dump from the BSD 3 source tree that included the passwords used by various computer science pioneers, including Dennis Ritchie, Ken Thompson, Brian Kernighan, Steve Bourne, and Bill Joy.
As she explained in a blog post on Wednesday, she decided at the time to try cracking the password hashes, created using DES-based crypt(3), using various cracking tools like John the Ripper and hashcat.
When the subject surfaced on the Unix Heritage Society mailing list last week, Neukirchen responded with 20 cracked passwords from the file that's she'd broken five years ago. Five hashed passwords, however, remained elusive, including Thompson's.
ZghOT0eRm4U9s
"Even an exhaustive search over all lower-case letters and digits took several days (back in 2014) and yielded no result," wrote Neukirchen, who wondered whether Thompson might somehow have used uppercase or special characters.
The mailing list participants, intrigued by the challenge, set to work on the holdouts. The breakthrough came on Wednesday, from Nigel Williams, a HPC systems administrator based in Hobart, Tasmania.
"Ken is done," he wrote in a post to the mailing list. The cracking effort took more than four days on an AMD Radeon RX Vega 64 running hashcat at a rate of about 930MH/s.
ZghOT0eRm4U9s is a hash of p/q2-q4!
It's a common chess opening in descriptive notation. As Neukirchen observed, Thompson contributed to the development of computer chess.
(Score: 5, Interesting) by janrinok on Thursday October 10 2019, @01:46PM (11 children)
I think this is an excellent example of a complex password (for the time) being easy to remember for the user. To Ken Thompson it was something he didn't have to think about but it used a mixture of unusual keys. Much better than the automated mish-mash of characters that some systems offer and which you are supposed to remember. And it has withstood the test of time until recently.
I am not interested in who people are or where they live. My interest starts and stops at our servers.
(Score: 1, Informative) by Anonymous Coward on Thursday October 10 2019, @02:08PM (9 children)
Those randomish passwords are intended for use with a password manager. That way you just have to remember one password.
I think the term "password" should be phased out in preference for "passphrase" to encourage longer strings.
(Score: 2, Insightful) by nitehawk214 on Thursday October 10 2019, @02:55PM (1 child)
But it is completely stupid to have a site give you a password for use in a password manager. The manager itself should generate the password in a way that there is no possibility of it being logged somewhere.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 3, Informative) by NotSanguine on Thursday October 10 2019, @03:22PM
Or use an offline password manager. I use a closed-source, proprietary password manager with significant vulnerability to "brute force" attacks. It's called my brain.
Lack of password reuse (and lack of *userid* reuse) enhances security further.
And while $5 wrenches are still effective, they are even more effective against a software based password manager. Since giving up the master password for a software password gives an attacker *all* your passwords at once.
Swinging that wrench is hard work!
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by janrinok on Thursday October 10 2019, @03:21PM (6 children)
Genuine question, I don't use a password manager: How do you back up the contents of your password manager in case it gets corrupted? And what protects that backup? At the end of the day it seems to me that the backup is only as secure as the password you apply to it, and that can't be done with the password manager.
I am not interested in who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by etherscythe on Thursday October 10 2019, @06:07PM
I use PasswordSafe. My personal password database resides generally in 2 places (cell phone, home PC) in mostly-current form (and a few other places generally up to a few revisions old), and I merge the changes together every few weeks which produces a backup file which I believe is kept for the last 3 major revisions. So if the latest one is corrupted for some reason, I can usually reproduce it without too much hassle. The backup is just an exact copy, with the same master password as the original. You can easily set a new master password, but I don't use the same password or anything like it for anything else, so I don't see it being lost or stolen. I could probably change it every merge cycle if I was concerned about that, it's easy enough to do. Just keep your last 3 passwords, in the password manager....
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 0) by Anonymous Coward on Thursday October 10 2019, @06:32PM
The same way you backup your photo album, or your word processor documents, or whatever else you have. By setting up a backup system that creates a second (and/or third, forth, etc.) copy of everything onto another device with some form of retention plan so you can pull a copy of a file as it existed two days ago, or one week ago, or two months ago, etc.
Then, if corruption happens, you just step back in time through your backup archive until you find the last non-corrupted version, and replace the corrupted copy with that copy.
Any good backup plan will contain some form of encrypted storage for the backup data. So that is what protects that backup. But remember, the password manager will be an encrypted file to begin with, so even if the backup system merely copied without encrypting, the password manager storage file would already be protected by its own encryption layer.
Actually, the passwords to the backups can be held in the password manager. You just have to:
Then, when you need to access the password for the backups, you need at least one of your plural devices to be operational and capable of opening the manager save file (which will almost always be the case).
Now, if you mean for the situation of where you have only one computing device, well, then, yes, you do get a chicken and egg situation. The solution then is to keep the password in the manager (for use when the one device is operational) and keep a paper backup of that same password in a secure locked location (for use when the one device is no longer operational).
(Score: 0) by Anonymous Coward on Thursday October 10 2019, @09:11PM (3 children)
I use KeePass, and I simply have the password store on multiple devices (all mine) and an offline backup, and there's a copy in my off-site backup. rsync and cron take care of keeping everything except the offline one up to date.
(Score: 0) by Anonymous Coward on Thursday October 10 2019, @09:31PM
KeepAss
(Score: 2) by janrinok on Friday October 11 2019, @07:11AM (1 child)
I'm pleased that you are happy with KeePass.
However, from what I read here, most people use a second device to back up their password data. For many people that simply is not possible. It is easy to imagine that everyone now uses a mobile/cell phone - this is simply not the case. In some places of work, your mobile devices are not permitted inside the workplace and thus are useless as a second device for backing up your passwords at work. Additionally, having to back up to a second on-line device simply provides a second attack surface for anyone trying to collect your passwords. Yep, we believe that they are secure - until the news comes out sometime in the future that they're not.
Finally, if I have understood correctly, whatever piece of software you use to remember your passwords, it is only protected by a single password which, in turn, gives access to the program providing access to all of the others. So, ultimately, it is only as secure as that single password.
I have a system - which I will not detail here for obvious reasons - whereby I can recall in most cases, or at least deduce, the password which tends to be between 20-24 characters in length and uses both cases and symbols, and is linked to the site I am trying to access. I will confess that I have only started using this system in the last 3-4 years and I have, therefore, some passwords which do not follow the rules I have created and which are probably considerably weaker, but none of them give access to anything that would cause me a problem if they were compromised.
I am not interested in who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by Common Joe on Friday October 11 2019, @10:57AM
It's called pick your poison and risk management.
Yes, it's a risk to use a password manager like KeePass (which I use in Windows; I use the variant KeepassXC in Linux). However, the passwords inside are encrypted and it forgets your copied password after specified amount of time, defaulted to 10 or 12 seconds. (I set it for 30 seconds after installation.)
Your method is also risky. You're basing your passwords on a formula that is difficult to change. Once one of your passwords is compromised, it weakens all of your others. Not to mention, it's nice to write encrypted notes and keep URLs associated with logins and passwords. And there are keyboard shortcuts for almost everything.
Finally, as far as backing up passwords: copying the KeePass file is like copying any other file, so it's ultra easy to backup. If you can't backup data in your work environment, then that itself is a problem too, but that problem has nothing to do with passwords or password managers.
(Score: 0) by Anonymous Coward on Friday October 11 2019, @09:20AM
Never use passwords that could be found in a "dictionary"
(Score: 2) by DannyB on Thursday October 10 2019, @01:51PM (15 children)
It sure must be nice to have your login credentials conveniently in the source code to all new systems compiled from that source.
Obligatory: why didn't he use the secure 12345 password?
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 4, Insightful) by hendrikboom on Thursday October 10 2019, @02:22PM (14 children)
The passwords *were* encrypted ... and it *was* policy back then to have the password file be world-readable, so that any process that had to check a password would simply be able to.
And security has been good enough to outlast the lifetime of the hardware being accessed.
-- hendrik
(Score: 2) by DannyB on Thursday October 10 2019, @02:47PM (12 children)
I agree with what you said, but . . . I think you're missing my point. Or, maybe I am misunderstanding something.
If a system is compiled from source, someone's password is part of your system. Is that not true? Some person (although famous) who is not known to you, has a login account on YOUR system. (back in the day)
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 1, Informative) by Anonymous Coward on Thursday October 10 2019, @03:15PM (8 children)
The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.
The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled.
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.
https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf [cmu.edu]
(Score: 5, Informative) by FatPhil on Thursday October 10 2019, @03:39PM (6 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by DannyB on Thursday October 10 2019, @03:58PM (4 children)
+1 Informative, while I still have mod points to give
There are more techniques. Have a Tiny C compiler implemented in some other language perhaps. (Not BASIC) Maybe on a different system than the target system.
Other thoughts:
What about a translator that takes a C source program, and translates or obfuscates or pessimizes it into a different but functionally identical C program. The obvious first step is randomizing all identifier names (variables, functions, etc). This would still compile to same object code. But also re-arrange procedure order, especially at link time. Add random pessimizations (a "pessimizing" compiler instead of an "optimizing" compiler -- it generates code far worse than the obvious translation but the output is still C source code, and functionally equivalent). Maybe I don't care that the first run of TinyCC is very slow (pessimized).
Ultimately, how do you defeat: Intel Management Engine!
The hardware is subverted. From the factory.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 0) by Anonymous Coward on Thursday October 10 2019, @04:17PM (2 children)
https://www.homebrewcpu.com/photo_gallery.htm [homebrewcpu.com]
https://www.youtube.com/watch?v=Uvvsaj7BBzo [youtube.com]
(Score: 2) by FatPhil on Thursday October 10 2019, @04:40PM (1 child)
I laugh, but this is a heroic bit of nerdy masochism - I approve.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by DannyB on Thursday October 10 2019, @05:50PM
> this is a heroic bit of nerdy masochism
But you don't approve of Java?
🤭
I assume you saw my link a couple days ago [soylentnews.org] to the Java Hello World Enterprise Edition.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 3, Interesting) by FatPhil on Thursday October 10 2019, @04:33PM
Someone needs to build such a compiler, so that we can try to break it! (And thus make version N+1 stronger!)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2, Informative) by Anonymous Coward on Thursday October 10 2019, @04:00PM
Yes, Wheeler's diverse double-compiling. It's not a complete rebuttal to Thompson's moral that no amount of source-level verification ensures protection from untrusted code: DDC checks that the diversely compiled output is bit-for-bit identical to the original compiler output.
(Score: 2) by DannyB on Thursday October 10 2019, @03:45PM
Yes, I am aware of the Trusting Trust. And that is a far more insidious back door.
Also see Bootstrapping C Compilers. [miraheze.org]
But it still is not my point about having someone's login credentials baked into the source code of your newly compiled system. Even if you use a trustworthy compiler bootstrapped from scratch.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 3, Interesting) by FatPhil on Thursday October 10 2019, @03:37PM (1 child)
The fifth field (fs_freq).
This field is used by dump(8) to determine which filesystems need to
be dumped. Defaults to zero (don't dump) if not present.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by DannyB on Thursday October 10 2019, @03:47PM
I might be being too literal. I did suggest "maybe I misunderstand something".
I haven't worked with C since the late 1990s. After a decade and a half of Pascal before that.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2) by hendrikboom on Thursday October 10 2019, @07:41PM
Now I get your point. You're right.
Someone installing that Unix system would have to go through the /etc/passwd file and remove that baked-in password.
(Score: 2) by FatPhil on Thursday October 10 2019, @03:14PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Interesting) by choose another one on Thursday October 10 2019, @02:01PM (7 children)
It's also pretty secure, for it's time, and relatively easy to type (assuming two-handed not hunt-and-peck) with both hands remaining in same place - making it relatively good against shoulder-surfing too. He may have used a whole game of chess moves as a rotating set of passwords, memorable and pretty much equally good.
(Score: 2) by Mojibake Tengu on Thursday October 10 2019, @02:24PM (6 children)
Any method of deriving a password/passphrase from reality is bad, real data is vulnerable to perception, sigint and deductive/inductive analysis. Like, carrying shaped metal keys in age of megapixels photography. I admit, am often doing this kind of error myself, too many passwords needed. I am going to fix that, now.
Respect Authorities. Know your social status. Woke responsibly.
(Score: -1, Troll) by Anonymous Coward on Thursday October 10 2019, @03:16PM (1 child)
Make sure your passphrase for SoylentNews is especially long. As you risk so much if it's cracked.
(Score: 0) by Anonymous Coward on Friday October 11 2019, @03:18AM
Yeah! Somebody could take over your account and start posting wild-eyed conspiracy theories or alt-right talking points or something like that!
(Score: 0) by Anonymous Coward on Thursday October 10 2019, @06:50PM (3 children)
Counter argument: correcthorsebatterystaple
(Score: 3, Funny) by Gaaark on Thursday October 10 2019, @08:40PM (2 children)
In this situation, it should be
correctknightbatterystaple
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Friday October 11 2019, @03:16AM (1 child)
Actually, I would have gone with "Queen to queen's level three", but that could be just me.
(Score: 2) by Gaaark on Friday October 11 2019, @12:35PM
I mod u "Fascinating!"
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 5, Funny) by RamiK on Thursday October 10 2019, @02:39PM (5 children)
I've got the same combination on my luggage! [youtube.com]
compiling...
(Score: 3, Funny) by All Your Lawn Are Belong To Us on Thursday October 10 2019, @04:25PM
That's the problem... you're surrounded by Soylentholes....
This sig for rent.
(Score: 3, Interesting) by FatPhil on Thursday October 10 2019, @04:57PM (3 children)
I still plan on building an entropy-based dictionary attack where (first you build an approximate model of entropy, and then) you generate every single possible password in increasing entropy order, and test that. The problem is that part of the requirement is to evaluate the entropy of the application of various filters that people might apply to the simplest building blocks. I'd need to analyse a lot of used passwords to evaluate those. For example "append a digit" is an add-2-or-4-bits-of-entropy filter ("add a 1" being 2 bits at most). Worst would be pruning of passwords that have multiple parent nodes. So "up" and "side" would be lowish entropy components, but the application of "join 2 words" would lead to "upside" which would already be known as a lowish-entropy word. Similarly, "leetify word" might lead to the same new word as "append a digit" if the leetified word now ended with a "1".
Never get hooked on information theory, it'll drive you mad!
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 4, Interesting) by RamiK on Thursday October 10 2019, @07:49PM
You can try and train a neural net on one of the leaked password databases to try and predict passwords based on account meta. Or just go through it manually and stat certain patterns you notice to see how common they (and their variants) are.
compiling...
(Score: 2) by NotSanguine on Thursday October 10 2019, @08:18PM (1 child)
The obvious solution is to add enough entropy to make brute force/dictionary attacks impractical.
As an example, take a common phrase/quote/song lyric like "That's what she said" and modify it to be "Twat's said her hat?" or "In the town where I was born" and modify it to be "Into the townies I was borne" or similar.
This increases entropy against brute force attacks, and confounds phrase dictionary attacks as well. What's more, once you've created your *modified* phrase, it's just as memorable as the original -- at least to you.
And now I will ruin another perfectly good password/phrase by posting it here:
Modify "Four score and seven years ago, our forefathers..." to "More points and every yore from now, my mother..."
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Interesting) by FatPhil on Friday October 11 2019, @07:06AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Funny) by Anonymous Coward on Thursday October 10 2019, @04:54PM (8 children)
That's why I use ZZZZZZZZ as my password so that it's the last one they think try to brute force!
(Score: 0) by Anonymous Coward on Thursday October 10 2019, @06:39PM (3 children)
Unless they decide to try brute force in reverse......
(Score: 1) by DECbot on Thursday October 10 2019, @07:53PM (1 child)
That's why I use ZZZZaaaa, so it takes the same amount of time to brute force when transversing the dictionary forwards or reverse.
cats~$ sudo chown -R us /home/base
(Score: 0) by Anonymous Coward on Friday October 11 2019, @03:21AM
Yep. That's why I always use 99991111 as my pin number.
(Score: 2) by Osamabobama on Thursday October 10 2019, @08:10PM
So, MMMMMMMM, then?
Appended to the end of comments you post. Max: 120 chars.
(Score: 3, Funny) by stretch611 on Thursday October 10 2019, @09:27PM (2 children)
I use ********** so that it hides in plain site while entering it through web browsers
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 1, Funny) by Anonymous Coward on Thursday October 10 2019, @09:57PM (1 child)
I use hunter2 also.
(Score: 2) by coolgopher on Thursday October 10 2019, @11:26PM
For anyone not already in on that joke, see the origin [bash.org] of it.
(Score: 0) by Anonymous Coward on Friday October 11 2019, @01:41AM
(Score: 3, Interesting) by Muad'Dave on Friday October 11 2019, @12:18PM
A small nit - that's the shortest password that results in the given hash. Since the 56 bit DES algorithm used in crypt back then only took the lower 7 bits from the first 8 bytes of the password, any password that starts with the string "p/q2-q4!" will generate the same hash.
Don't believe me? Try it here [unix4lyfe.org] - enter the salt "Zg" in the DES salt field and the password and hit "calculate DES".