From: Arthur Krewat <krewat@kilonet.net>
To: tuhs@minnie.tuhs.org
Subject: Re: [TUHS] Recovered /etc/passwd files
Date: Sat, 5 Oct 2019 13:49:27 -0400
Message-ID: <e0468b1c-2b5c-803c-3baf-77cd9a424e90@kilonet.net>
In-Reply-To: <20191005172944.GI20298@localhost>

I cracked a root password for a certain system, back in the ARPANET days.
If memory serves, it was 5 characters.

I was able to get my hands on the crypt() source, and figure out that
the first part of it was intentionally "lengthy" and it just
pre-computed a bunch of stuff on purpose. At least, that's my memory of
it at the time.

I was able to separate that precompute part, and then loop through all
combinations further down the crypt() function. Made it a lot faster.

Was able to crack a 5-character password in less than a week (or maybe
it was a few days) on a VAX-11/750. Of course, it was a simple password
consisting of lower-case alpha and no numerics.

I think the first letter of the password was "b" which helped a lot ;)

Nowadays, run hashcat on an HPC cluster and you can break a lot of stuff...

art k.

On 10/5/2019 1:29 PM, Michael Kjörling wrote:
> On 3 Oct 2019 18:51 +0000, from finnoleary@inventati.org (Finn O'Leary):
>> password was something interesting like './,..,/' (it was entirely
>> punctuation characters, was around three different characters in total, and
>> was pretty damn short).
> I'm a bit late to the party here (it's been a crazy week for me and
> I'm only just now starting to catch up), but don't forget that hashed
> Unix passwords back then were limited to eight bytes (actually I
> believe the hard limit was 64 bits' worth of password, so if your
> system used less than 8 bits per character, you could theoretically
> cram more _characters_ into the password, but not more _entropy_,
> which topped out at 2^64 no matter what you did, and in practice a
> fair bit less because you wanted to be able to type it in).
>
> Of course, this wasn't a problem in practice when even just hashing a
> single candidate password took noticeable fractions of a second. At 100
> ms per hash, while you could exhaustively search the lower
> alphanumerics four characters space within about two days (my
> calculator says 1.944 * 86400 seconds for that) if you could hog the
> computer for everyone, by the time you got to six characters the same
> search would take almost 7 years, and eight characters the better part
> of 9000 years (assuming you kept running it on the same hardware for
> the duration).
>
> Adding uppercase A-Z alongside lowercase a-z and 0-9 increases the
> exhaustive search time even for the four characters password space to
> about 17 days at 100 ms per hash. So with no additional information
> for an attacker, even a [a-zA-Z0-9]{4} password was tolerably secure,
> and a [a-zA-Z0-9]{5} one was more than good enough if you changed it
> once a year (would take about three years to crack at 100 ms/hash).
>
> William Cheswick mentioned 8e9 hashes per second. While that sounds
> low for good ol' Unix crypt() to me, at that rate, an exhaustive
> search of [a-z0-9]{8} would take about 353 days, again according to my
> calculator. [a-z0-9]{4} would finish in about 18 seconds. My _guess_,
> without having looked up current numbers, is that these figures are at
> least some two orders of magnitude too high given modern hardware.
> Just look at EFF's good ol' Deep Crack.
>
> I wasn't really around much at the time, but if _The Cuckoo's Egg_ is
> to be believed, the bigger problem was that people in general weren't
> any better at choosing good passwords (or keeping them secret) back
> then than they are today. That honestly wouldn't particularly surprise
> me. Technology advances, but people remain largely the same?
>
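The 100 ms-per-hash estimates quoted above can be reproduced with a small keyspace calculator for the `[class]{n}` notation used in the thread. This is an added example, not part of either poster's message; the function names are hypothetical, and it reports the worst case (every candidate tried once, fixed length only).

```python
import re

SECONDS_PER_DAY = 86400
DAYS_PER_YEAR = 365.25  # assumption: average year length for the conversion


def alphabet_size(char_class: str) -> int:
    """Count distinct characters in a class body such as 'a-zA-Z0-9'."""
    chars = set()
    i = 0
    while i < len(char_class):
        # 'x-y' is a range; a '-' with nothing after it is a literal dash.
        if i + 2 < len(char_class) and char_class[i + 1] == "-":
            lo, hi = ord(char_class[i]), ord(char_class[i + 2])
            if lo > hi:
                raise ValueError(f"reversed range in {char_class!r}")
            chars.update(range(lo, hi + 1))
            i += 3
        else:
            chars.add(ord(char_class[i]))
            i += 1
    return len(chars)


def keyspace(pattern: str) -> int:
    """Number of candidates matched by a pattern like '[a-z0-9]{4}'."""
    m = re.fullmatch(r"\[([^\]]+)\]\{(\d+)\}", pattern)
    if not m:
        raise ValueError(f"expected '[class]{{n}}', got {pattern!r}")
    return alphabet_size(m.group(1)) ** int(m.group(2))


def exhaustive_days(pattern: str, seconds_per_hash: float) -> float:
    """Worst-case days to try every candidate at a fixed cost per hash."""
    return keyspace(pattern) * seconds_per_hash / SECONDS_PER_DAY


def exhaustive_years(pattern: str, seconds_per_hash: float) -> float:
    return exhaustive_days(pattern, seconds_per_hash) / DAYS_PER_YEAR


if __name__ == "__main__":
    # Patterns taken from the quoted message; 0.1 s is its 100 ms per hash.
    for p in ("[a-z0-9]{4}", "[a-z0-9]{6}", "[a-z0-9]{8}",
              "[a-zA-Z0-9]{4}", "[a-zA-Z0-9]{5}"):
        d = exhaustive_days(p, 0.1)
        print(f"{p:16} {keyspace(p):>16,} candidates  "
              f"{d:14.3f} days  {d / DAYS_PER_YEAR:10.2f} years")
```

On average a search succeeds after half the keyspace, so expected times are half the worst-case figures printed here.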