SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Father of Unix Ken Thompson checkmated as his old password has finally been cracked
Back in 2014, developer Leah Neukirchen found an /etc/passwd file among a file dump from the BSD 3 source tree that included the passwords used by various computer science pioneers, including Dennis Ritchie, Ken Thompson, Brian Kernighan, Steve Bourne, and Bill Joy.
As she explained in a blog post on Wednesday, she decided at the time to try cracking the password hashes, created using DES-based crypt(3), using various cracking tools like John the Ripper and hashcat.
When the subject surfaced on the Unix Heritage Society mailing list last week, Neukirchen responded with 20 cracked passwords from the file that's she'd broken five years ago. Five hashed passwords, however, remained elusive, including Thompson's.
ZghOT0eRm4U9s
"Even an exhaustive search over all lower-case letters and digits took several days (back in 2014) and yielded no result," wrote Neukirchen, who wondered whether Thompson might somehow have used uppercase or special characters.
The mailing list participants, intrigued by the challenge, set to work on the holdouts. The breakthrough came on Wednesday, from Nigel Williams, a HPC systems administrator based in Hobart, Tasmania.
"Ken is done," he wrote in a post to the mailing list. The cracking effort took more than four days on an AMD Radeon RX Vega 64 running hashcat at a rate of about 930MH/s.
ZghOT0eRm4U9s is a hash of p/q2-q4!
It's a common chess opening in descriptive notation. As Neukirchen observed, Thompson contributed to the development of computer chess.
(Score: 3, Interesting) by choose another one on Thursday October 10 2019, @02:01PM (7 children)
It's also pretty secure, for it's time, and relatively easy to type (assuming two-handed not hunt-and-peck) with both hands remaining in same place - making it relatively good against shoulder-surfing too. He may have used a whole game of chess moves as a rotating set of passwords, memorable and pretty much equally good.
(Score: 2) by Mojibake Tengu on Thursday October 10 2019, @02:24PM (6 children)
Any method of deriving a password/passphrase from reality is bad, real data is vulnerable to perception, sigint and deductive/inductive analysis. Like, carrying shaped metal keys in age of megapixels photography. I admit, am often doing this kind of error myself, too many passwords needed. I am going to fix that, now.
Respect Authorities. Know your social status. Woke responsibly.
(Score: -1, Troll) by Anonymous Coward on Thursday October 10 2019, @03:16PM (1 child)
Make sure your passphrase for SoylentNews is especially long. As you risk so much if it's cracked.
(Score: 0) by Anonymous Coward on Friday October 11 2019, @03:18AM
Yeah! Somebody could take over your account and start posting wild-eyed conspiracy theories or alt-right talking points or something like that!
(Score: 0) by Anonymous Coward on Thursday October 10 2019, @06:50PM (3 children)
Counter argument: correcthorsebatterystaple
(Score: 3, Funny) by Gaaark on Thursday October 10 2019, @08:40PM (2 children)
In this situation, it should be
correctknightbatterystaple
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Friday October 11 2019, @03:16AM (1 child)
Actually, I would have gone with "Queen to queen's level three", but that could be just me.
(Score: 2) by Gaaark on Friday October 11 2019, @12:35PM
I mod u "Fascinating!"
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---