Ken Thompson Unix Password

Sometime in 2014, in BSD 3 source tree dumps, I found the file /etc/passwd with the hashed passwords of all the veterans, such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy.

These hashes used the DES-based crypt(3) algorithm, which is known to be weak (and truncates passwords to a maximum of 8 characters). So I thought it would be easy to crack these passwords for fun.

We take the standard crackers john and hashcat.

Pretty quickly, I cracked a lot of passwords, most of which were very weak (curiously, bwk used the password /.,/.,, which is easy to type on a QWERTY keyboard).

But Ken's password was unbreakable. Even an exhaustive search of all lowercase letters and digits (a few days in 2014) gave no result. Since the algorithm was developed by Ken Thompson and Robert Morris, I wondered what was going on. I also realized that, compared to other password hashing schemes like NTLM, crypt(3) is quite slow to brute-force (perhaps because it is less optimized).

Did he use uppercase letters or even special characters? (A full 7-bit brute force would take over two years on a modern GPU.)
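To put the numbers from the post side by side, here is an added estimator (not part of the original post) that sizes the search space crypt(3)'s 8-character truncation leaves for each character class and converts it to wall-clock time at the 930 MH/s rate quoted later in the post; the charset names and the 94-character "printable" set are my own assumptions.

```python
import string

# Figures taken from the post: DES crypt(3) uses only the first 8 characters
# of a password, and the cracking run quoted later reached about 930 MH/s.
MAX_LEN = 8
RATE_HPS = 930e6
SECONDS_PER_YEAR = 365.25 * 86400

# Assumed breakdown of the search spaces the post mentions, smallest first.
# The post itself only names "lowercase letters and numbers" and "7-bit".
CHARSETS = {
    "lower+digits": string.ascii_lowercase + string.digits,            # 36
    "printable": string.ascii_letters + string.digits + string.punctuation,  # 94
    "7-bit": "".join(chr(c) for c in range(128)),                      # 128
}


def keyspace(alphabet_size, max_len=MAX_LEN):
    """Number of candidates of length 1..max_len over an alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def exhaustive_seconds(alphabet_size, rate=RATE_HPS, max_len=MAX_LEN):
    """Worst-case time to exhaust the whole keyspace at a given hash rate."""
    return keyspace(alphabet_size, max_len) / rate


def smallest_covering_set(password):
    """Name of the smallest listed charset that contains every character of
    the (crypt-truncated) password, or None if no listed set covers it.
    This is the cheapest search that could ever have found the password."""
    pw = password[:MAX_LEN]
    for name, chars in CHARSETS.items():
        if all(c in chars for c in pw):
            return name
    return None


if __name__ == "__main__":
    for name, chars in CHARSETS.items():
        secs = exhaustive_seconds(len(chars))
        print(f"{name:13s} {len(chars):4d} chars  "
              f"{secs / 86400:10.2f} days  {secs / SECONDS_PER_YEAR:6.2f} years")
    # The lowercase+digit run could never have found a password with '/', '-', '!'
    print("p/q2-q4! needs at least:", smallest_covering_set("p/q2-q4!"))
```

The 7-bit row reproduces the "over two years" figure; the lowercase-plus-digits search that took days in 2014 was a few thousand seconds at the 2019 rate, but could never contain a password with punctuation.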

In early October, the topic came up again on The Unix Heritage Society mailing list, and I shared my results and my disappointment that I couldn't crack Ken's password.

Finally, today Nigel Williams revealed this secret:

From: Nigel Williams <[email protected]>
Subject: Re: [TUHS] Restoring /etc/passwd files

Ken is ready

ZghOT0eRm4U9s:p/q2-q4!

It took more than four days on an AMD Radeon Vega64 in hashcat at about 930MH/s (those in the know will know that the hash rate fluctuates and drops towards the end).

This is the first pawn move two squares forward, written in descriptive notation, and the start of many typical openings, which fits very well with Ken Thompson's computer chess background.

I am very glad that the mystery was solved, and the result is so pleasant.

Source: habr.com
