The Unix Heritage Society mailing list
From: Arthur Krewat <krewat@kilonet.net>
To: tuhs@minnie.tuhs.org
Subject: Re: [TUHS] Recovered /etc/passwd files
Date: Sat, 5 Oct 2019 13:49:27 -0400
Message-ID: <e0468b1c-2b5c-803c-3baf-77cd9a424e90@kilonet.net>
In-Reply-To: <20191005172944.GI20298@localhost>

I cracked a root password for a certain system, back in the ARPANET days.

If memory serves, it was 5 characters.

I was able to get my hands on the crypt() source, and figure out that 
the first part of it was intentionally "lengthy" and it just 
pre-computed a bunch of stuff on purpose. At least, that's my memory of 
it at the time.

I was able to separate that precompute part, and then loop through all 
combinations further down the crypt() function. Made it a lot faster.

Was able to crack a 5-character password in less than a week (or maybe 
it was a few days) on a VAX-11/750. Of course, it was a simple password 
consisting of lower-case alpha and no numerics.

I think the first letter of the password was "b" which helped a lot ;)

Nowadays, run hashcat on an HPC cluster and you can break a lot of stuff...

art k.


On 10/5/2019 1:29 PM, Michael Kjörling wrote:
> On 3 Oct 2019 18:51 +0000, from finnoleary@inventati.org (Finn O'Leary):
>> password was something interesting like './,..,/' (it was entirely
>> punctuation characters, was around three different characters in total, and
>> was pretty damn short).
> I'm a bit late to the party here (it's been a crazy week for me and
> I'm only just now starting to catch up), but don't forget that hashed
> Unix passwords back then were limited to eight bytes (actually I
> believe the hard limit was 64 bits' worth of password, so if your
> system used less than 8 bits per character, you could theoretically
> cram more _characters_ into the password, but not more _entropy_,
> which topped out at 2^64 no matter what you did, and in practice a
> fair bit less because you wanted to be able to type it in).
>
> Of course, this wasn't a problem in practice when even just hashing a
> single candidate password took noticeable fractions of a second. At 100
> ms per hash, while you could exhaustively search the lower
> alphanumerics four characters space within about two days (my
> calculator says 1.944 * 86400 seconds for that) if you could hog the
> computer for everyone, by the time you got to six characters the same
> search would take almost 7 years, and eight characters the better part
> of 9000 years (assuming you kept running it on the same hardware for
> the duration).
>
> Adding uppercase A-Z alongside lowercase a-z and 0-9 increases the
> exhaustive search time even for the four characters password space to
> about 17 days at 100 ms per hash. So with no additional information
> for an attacker, even a [a-zA-Z0-9]{4} password was tolerably secure,
> and a [a-zA-Z0-9]{5} one was more than good enough if you changed it
> once a year (would take about three years to crack at 100 ms/hash).
>
> William Cheswick mentioned 8e9 hashes per second. While that sounds
> low for good ol' Unix crypt() to me, at that rate, an exhaustive
> search of [a-z0-9]{8} would take about 353 days, again according to my
> calculator. [a-z0-9]{4} would finish in about 18 seconds. My _guess_,
> without having looked up current numbers, is that these figures are at
> least some two orders of magnitude too high given modern hardware.
> Just look at EFF's good ol' Deep Crack.
>
> I wasn't really around much at the time, but if _The Cuckoo's Egg_ is
> to be believed, the bigger problem was that people in general weren't
> any better at choosing good passwords (or keeping them secret) back
> then than they are today. That honestly wouldn't particularly surprise
> me. Technology advances, but people remain largely the same?
>

