Computing enthusiast cracks ancient Unix code
Credit to Author: Danny Bradbury| Date: Mon, 14 Oct 2019 11:45:15 +0000
Old passwords never die – they just become easier to decode. That’s the message from a tight-knit community of tech history enthusiasts who have been diligently cracking the passwords used by some of the original Unix engineers four decades ago.
On 3 October, an enthusiast on the Unix Heritage Society mailing list asked a question about cracking passwords stored in old Unix systems. The source code for various revisions of Unix from the seventies onward is available online for anyone to download, and these revisions store the passwords for various staff members in the etc/passwd
file.
Unix hashed these passwords by running them through an algorithm called descrypt (also known as crypt(3)), which used the original DES encryption algorithm and limited the password length to eight characters. This was good enough to stop people recovering the password from the original hashes at the time, but 40 years on, computers are a little bit faster.
Developer Leah Neukirchen replied that she’d cracked several of them contained in a version of the BSD operating system from January 1980. However, she still hadn’t managed to crack Ken Thompson’s password. Thompson is one of the fathers of Unix. His original work on its predecessor Multics formed the basis for much of the operating system.
Neukirchen complained:
I never managed to crack Ken’s password with the hash ZghOT0eRm4U9s, and I think I enumerated the whole 8 letter lowercase + special symbols key space.
Thompson, who now works at Google where he developed the Go programming language, also worked on early chess programs including a VAX PDP-11 program called Belle. Perhaps his password should come as no surprise, then. Forum contributor Nigel Williams posted on 8 October that he’d finally cracked it:
ken is done:
ZghOT0eRm4U9s:p/q2-q4!
The hash is the part before the colon, and the plaintext is the part afterwards. q2-q4 is a description of an opening chess move in descriptive notation. Thompson shot back a quick message:
Congrats.
Cracking the password took at least four days on an AMD Radeon Vega64, according to Williams, who administers a retro computing website in Tasmania. He was running the popular password cracking program hashcat.
Thompson’s password might have been short, but it was sneaky, not using obvious things like dictionary words or keys that were sequential on the keyboard (hint: never use the password ‘qwerty’). Other passwords cracked by these enthusiasts showed that many early engineers preferred convenience over security. Some examples that Neukirchen had cracked years ago include:
- Stephen Bourne, creator of the bourne command line shell often used to control Unix:
bourne (cue jokes about the Bourne Identity)
- Eric Schmidt, software engineer and now executive chair of Alphabet:
wendy!!! (this is his wife’s name).
- Canadian computer scientist and Unix contributor Brian Kernighan:
/.,/., (this is the easiest thing to type on a keyboard, as the three characters are next to each other).