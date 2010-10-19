from the simple-but-complex dept.
Father of Unix Ken Thompson checkmated as his old password has finally been cracked
Back in 2014, developer Leah Neukirchen found an /etc/passwd file among a file dump from the BSD 3 source tree that included the passwords used by various computer science pioneers, including Dennis Ritchie, Ken Thompson, Brian Kernighan, Steve Bourne, and Bill Joy.
As she explained in a blog post on Wednesday, she decided at the time to try cracking the password hashes, created using DES-based crypt(3), using various cracking tools like John the Ripper and hashcat.
When the subject surfaced on the Unix Heritage Society mailing list last week, Neukirchen responded with 20 cracked passwords from the file that's she'd broken five years ago. Five hashed passwords, however, remained elusive, including Thompson's.
"Even an exhaustive search over all lower-case letters and digits took several days (back in 2014) and yielded no result," wrote Neukirchen, who wondered whether Thompson might somehow have used uppercase or special characters.
The mailing list participants, intrigued by the challenge, set to work on the holdouts. The breakthrough came on Wednesday, from Nigel Williams, a HPC systems administrator based in Hobart, Tasmania.
"Ken is done," he wrote in a post to the mailing list. The cracking effort took more than four days on an AMD Radeon RX Vega 64 running hashcat at a rate of about 930MH/s.
ZghOT0eRm4U9s is a hash of p/q2-q4!
It's a common chess opening in descriptive notation. As Neukirchen observed, Thompson contributed to the development of computer chess.
(Score: 2) by janrinok on Thursday October 10, @01:46PM
I think this is an excellent example of a complex password (for the time) being easy to remember for the user. To Ken Thompson it was something he didn't have to think about but it used a mixture of unusual keys. Much better than the automated mish-mash of characters that some systems offer and which you are supposed to remember. And it has withstood the test of time until recently.
(Score: 2) by DannyB on Thursday October 10, @01:51PM
It sure must be nice to have your login credentials conveniently in the source code to all new systems compiled from that source.
Obligatory: why didn't he use the secure 12345 password?
(Score: 2) by choose another one on Thursday October 10, @02:01PM
It's also pretty secure, for it's time, and relatively easy to type (assuming two-handed not hunt-and-peck) with both hands remaining in same place - making it relatively good against shoulder-surfing too. He may have used a whole game of chess moves as a rotating set of passwords, memorable and pretty much equally good.