From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 77f166a9 for ; Tue, 8 Oct 2019 17:39:24 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 263419BC18; Wed, 9 Oct 2019 03:39:23 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 16CBE9B9B4; Wed, 9 Oct 2019 03:38:51 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (1024-bit key; unprotected) header.d=kilonet.net header.i=@kilonet.net header.b="S8r76y2O"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id A3E7B9B9B4; Wed, 9 Oct 2019 03:38:48 +1000 (AEST) Received: from p3plsmtpa09-06.prod.phx3.secureserver.net (p3plsmtpa09-06.prod.phx3.secureserver.net [173.201.193.235]) by minnie.tuhs.org (Postfix) with ESMTPS id 06FBC9B9AF for ; Wed, 9 Oct 2019 03:38:48 +1000 (AEST) Received: from medusa.kilonet.net ([72.69.223.115]) by :SMTPAUTH: with ESMTPA id HtReiDwVotYe3HtRfix1bx; Tue, 08 Oct 2019 10:38:47 -0700 Received: from [199.89.231.101] (ender.kilonet.net [199.89.231.101]) by medusa.kilonet.net (8.14.8/8.15.1) with ESMTP id x98HckvH004327 for ; Tue, 8 Oct 2019 13:38:46 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kilonet.net; s=default; t=1570556326; bh=ckj6nq/y9S8WOOUS6XxM1yTaSxZ3yBXXbHHivGU5+C4=; h=Subject:To:References:From:Date:In-Reply-To; b=S8r76y2O37TFFS9Ki0Gpe4ugi2ZJsKA5LhoIsDQjqTiyAY7trZJ07+KOc00jZgZQX TaLrC6TJbzwqWj3bs2N6EsViDjCRlD4bOzAFG9IK2nPrQfSv5OU9XUHvaRGxBzxtaq cjqb2oI+tcOLOsaXn62GbFLxh2e8W9Q+Pyd5T028= To: tuhs@minnie.tuhs.org References: <6dceffe228804a76de1e12f18d1fc0dc@inventati.org> <87bluxpqy0.fsf@vuxu.org> <20191005180503.GA31679@tom-desk.erg.abdn.ac.uk> From: Arthur Krewat Message-ID: Date: Tue, 8 Oct 2019 13:38:42 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20191005180503.GA31679@tom-desk.erg.abdn.ac.uk> Content-Type: multipart/alternative; boundary="------------E85155746C6F9D221BE76FDD" Content-Language: en-US X-CMAE-Envelope: MS4wfIvy1ng1WIwum7GFZmNLqGaAmcmtQ0AHRLVfaF0+B1f5ZEh8ihSjPLgPE7IVNXJeJg933OgbpFinQHSR0cc/LQMTlQwf5SvZ+rc0RKa74kh1NbMWWw73 WhPrDDB2AuAD8e9POcPPaw0gApKyoc+fxAB2pQSv6lYG+PNKeyIB5o2IzofJva7ACy66d6EFBBxNcA== Subject: Re: [TUHS] Recovered /etc/passwd files X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" This is a multi-part message in MIME format. --------------E85155746C6F9D221BE76FDD Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit I have some more out of this list, but not sure if I should send them or not. Ken's has not been cracked - yet. ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh On 10/5/2019 2:05 PM, Tom Jones wrote: > On Thu, Oct 03, 2019 at 09:30:31PM +0200, Leah Neukirchen wrote: >> Finn O'Leary writes: >> >>> Hi, I remember that someone had recovered some ancient /etc/passwd files >>> and had decrypted(?) them, and I remember reading that either ken or >>> dmr's >>> password was something interesting like './,..,/' (it was entirely >>> punctuation characters, was around three different characters in >>> total, and >>> was pretty damn short). I've tried to find this since, as a friend was >>> interested in it, and I cannot for the life of me find it! >> I did this once, but I never managed to crack all of them. >> It was bwk who used /.,/., >> >> My findings (from https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd): >> >> gfVwhuAMF0Trw:dmac >> Pb1AmSpsVPG0Y:uio >> ymVglQZjbWYDE:/.,/., >> c8UdIntIZCUIA:bourne >> AAZk9Aj5/Ue0E:foobar >> E9i8fWghn1p/I:apr1744 >> IIVxQSvq1V9R2:axolotl >> 9EZLtSYjeEABE:network >> P0CHBwE/mB51k:whatnot >> Nc3IkFJyW2u7E:...hello >> olqH1vDqH38aw:sacristy >> 9ULn5cWTc0b9E:sherril. >> N33.MCNcTh5Qw:uucpuucp >> FH83PFo4z55cU:wendy!!! >> OVCPatZ8RFmFY:cowperso >> X.ZNnZrciWauE:5%ghj >> IL2bmGECQJgbk:pdq;dq >> 4BkcEieEtjWXI:jilland1 >> 8PYh/dUBQT9Ss:theik!!! >> lj1vXnxTAPnDc:sn74193n >> >> But I never managed to crack ken's password with the hash >> ZghOT0eRm4U9s, and I think I enumerated the whole >> 8 letter lowercase + special symbols key space. >> >> The uncracked ones are: >> >> ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh > m5syt3.lB5LAE:12ucdort > >> hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh >> tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl >> ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken >> fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh > I pointed my FreeBSD build machine at the password file, but it didn't > manage many guesses a second (55000 per core with 48 cores, using john). > > I asked a friend to point their GPU rig at the password file. It is a > MSI Graphics Card R9 290X and is doing about 255MHashes/Second using > hashcat. He is going to do the alphanumeric space and then call it a > day. > > "for hashcat, 80s DES crypt is -m 1500" > > - [tj] > --------------E85155746C6F9D221BE76FDD Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit I have some more out of this list, but not sure if I should send them or not. Ken's has not been cracked - yet.

ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh

hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh

tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl

ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken

fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh





On 10/5/2019 2:05 PM, Tom Jones wrote:
On Thu, Oct 03, 2019 at 09:30:31PM +0200, Leah Neukirchen wrote:

Finn O'Leary <finnoleary@inventati.org> writes:


Hi, I remember that someone had recovered some ancient /etc/passwd files
and had decrypted(?) them, and I remember reading that either ken or
dmr's
password was something interesting like './,..,/' (it was entirely
punctuation characters, was around three different characters in
total, and
was pretty damn short). I've tried to find this since, as a friend was
interested in it, and I cannot for the life of me find it!

I did this once, but I never managed to crack all of them.
It was bwk who used /.,/.,

My findings (from https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd):

gfVwhuAMF0Trw:dmac
Pb1AmSpsVPG0Y:uio
ymVglQZjbWYDE:/.,/.,
c8UdIntIZCUIA:bourne
AAZk9Aj5/Ue0E:foobar
E9i8fWghn1p/I:apr1744
IIVxQSvq1V9R2:axolotl
9EZLtSYjeEABE:network
P0CHBwE/mB51k:whatnot
Nc3IkFJyW2u7E:...hello
olqH1vDqH38aw:sacristy
9ULn5cWTc0b9E:sherril.
N33.MCNcTh5Qw:uucpuucp
FH83PFo4z55cU:wendy!!!
OVCPatZ8RFmFY:cowperso
X.ZNnZrciWauE:5%ghj
IL2bmGECQJgbk:pdq;dq
4BkcEieEtjWXI:jilland1
8PYh/dUBQT9Ss:theik!!!
lj1vXnxTAPnDc:sn74193n

But I never managed to crack ken's password with the hash
ZghOT0eRm4U9s, and I think I enumerated the whole
8 letter lowercase + special symbols key space.

The uncracked ones are:

ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh

m5syt3.lB5LAE:12ucdort


hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh
tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl
ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken
fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh

I pointed my FreeBSD build machine at the password file, but it didn't
manage many guesses a second (55000 per core with 48 cores, using john). 

I asked a friend to point their GPU rig at the password file. It is a
MSI Graphics Card R9 290X and is doing about 255MHashes/Second using
hashcat. He is going to do the alphanumeric space and then call it a
day.

    "for hashcat, 80s DES crypt is -m 1500"

- [tj]

--------------E85155746C6F9D221BE76FDD--