From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id cbc0ae9b for ; Fri, 18 Oct 2019 15:02:24 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 252799B651; Sat, 19 Oct 2019 01:02:23 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 7F7889B553; Sat, 19 Oct 2019 01:01:53 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 6E59D9B553; Sat, 19 Oct 2019 01:01:51 +1000 (AEST) Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by minnie.tuhs.org (Postfix) with ESMTPS id 381F59B552 for ; Sat, 19 Oct 2019 01:01:50 +1000 (AEST) Received: by mail-wr1-f47.google.com with SMTP id p4so6619072wrm.8 for ; Fri, 18 Oct 2019 08:01:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=53pY87FhcYIb7hpn4RPRjkJ9wknixNjNtmX0LWIqAOE=; b=HP8wXBG/TwhWpBYqZ9eS/64bJXCtzOsoSdZ/CJmpnY/buCs1kOWeQ5ILdnluStlLfV vkj4UcBpEbv0CQAHjyxA0ZZX91RODtYhRP01Jowtn96BKHuYz4rnaujBhRxCy/uSq8cC EsQEZnWkvgIYvIZOyW3/a/9sLPYMg/IT0BclusxLu6YsJPcDzxYUObGzzd1R3NyLSoM5 1net/VTKpWQ0nh8Eq4QkbLJ/bPkY+lzXB28Rs1Sq4yao7iW7bNvM/Hi1wYQzKajqcAzl fbjKoKBRSazJYLYyTJ5xkxJlqjPBgSeceWwpTkyIUTNOnPeoiLKZMKem8mAAEwxoOV6s T5SA== X-Gm-Message-State: APjAAAVylzxkEgCMMa4pJ5pXVxfcIMOfXabCv6yrhw0OJQWk1l0mobQK o6Svr0Y82tC5Lu8J0u1MvL8S3pGUAgiHHpWTkObhKmf+p6M= X-Google-Smtp-Source: APXvYqzzaZSOOKSkgQ+/ibfV5JFdxnDO54C1qUzlRkdY2o7xYzgdJndOeH/z06gyRUXZ2hq0uIONU4Xpo5uAdYP5nKg= X-Received: by 2002:a5d:4902:: with SMTP id x2mr2874899wrq.374.1571410908309; Fri, 18 Oct 2019 08:01:48 -0700 (PDT) MIME-Version: 1.0 References: <1570559927.29337.for-standards-violators@oclsc.org> <2e6e1005-3bbf-5dcc-3fcc-099864c752dc@kilonet.net> <8088e5bd-3530-d3e1-8066-db6ea9389dea@kilonet.net> <3054d652-7320-a99b-df24-67001f974d39@kilonet.net> <8736g06byw.fsf@vuxu.org> <90ffe509-76b5-6629-c55a-7785815fda2e@kilonet.net> In-Reply-To: <90ffe509-76b5-6629-c55a-7785815fda2e@kilonet.net> From: Royce Williams Date: Fri, 18 Oct 2019 07:01:12 -0800 Message-ID: To: tuhs@minnie.tuhs.org Content-Type: multipart/alternative; boundary="000000000000fc6e200595309c96" Subject: Re: [TUHS] Recovered /etc/passwd files X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --000000000000fc6e200595309c96 Content-Type: text/plain; charset="UTF-8" On Fri, Oct 18, 2019 at 6:35 AM Arthur Krewat wrote: > This has been solved. > > First attempted was a full 8-character upper/lower/numeric brute force > which took over 6 days and failed. > > Second attempt was lower-case with control characters, and succeeded in > around 40 minutes. > > There's a control character in it ;) > I'd long suspected that someone would have done this; it would be a great way to expand the total keyspace, and extend the life of But given Ken's seminal work in password stretching and keyspace analysis, I always suspected that it was ken, not bill. in 2015, I was intrigued by the idea that he'd left a little puzzle in a hash that he knew would be publicly available. I even went so far as to construct a small FPGA cluster in pursuit of that theory: https://www.techsolvency.com/passwords/ztex/ What original caught my attention was the logic behind enforcing password quality in passwd.c during a specific era of BSD code, which exited ambiguously in a double negative of sorts, where control characters were not disallowed during password entry. (I'll try to dig up the source.) Anyway, I must have made an error in my original work in 2015, in which I found both of ken's: https://twitter.com/TychoTithonus/status/1182181560264491008 ... but managed to miss bill's entirely, thinking that it had already been cracked. In the superset of all CSRG-published distros, there are slightly more than 1400 total hashes, and one of bill's appears to have been lost in the shuffle (the other was trivial). So some hearty (and bittersweet!) kudos for solving this puzzle! It is what drove me into password auditing as a passion (and profession). Royce -- Royce Williams Tech Solvency --000000000000fc6e200595309c96 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Fri, Oct 18, 2019 at 6:35 AM Arthur Kr= ewat <krewat@kilonet.net> w= rote:
This has been solved.

First attempted was a full 8-character upper/lower/numeric brute force
which took over 6 days and failed.

Second attempt was lower-case with control characters, and succeeded in around 40 minutes.

There's a control character in it ;)

I'd long suspected that someone would have done this; it would be a g= reat way to expand the total keyspace, and extend the life of
But given Ken's seminal work in password stretching and key= space analysis, I always suspected that it was ken, not bill.=C2=A0

in 2015, I was intrigued by the idea that he'd left a= little puzzle in a hash that he knew would be publicly available. I even w= ent so far as to construct a small FPGA cluster in pursuit of that theory:<= /div>


<= /div>
What original caught my attention was the logic behind enforcing = password quality in passwd.c during a specific era of BSD code, which exite= d ambiguously in a double negative of sorts, where control characters were = not disallowed during password entry. (I'll try to dig up the source.)<= /div>

Anyway, I must have made an error in my original w= ork in 2015, in which I found both of ken's:

<= a href=3D"https://twitter.com/TychoTithonus/status/1182181560264491008">htt= ps://twitter.com/TychoTithonus/status/1182181560264491008

... but managed to miss bill's entirely, thinking that = it had already been cracked. In the superset of all CSRG-published distros,= there are slightly more than 1400 total hashes, and one of bill's appe= ars to have been lost in the shuffle (the other was trivial).
So some hearty (and bittersweet!) kudos for solving this puzzle= ! It is what drove me into password auditing as a passion (and profession).=

Royce

--
Royce= Williams
Tech Solvency
--000000000000fc6e200595309c96--