It was Bill Joy's password, not Ken Thompson's, that had a contr...
source link: https://www.tuicool.com/articles/muaQfeU
[TUHS] Recovered /etc/passwd files
Royce Williams royce at techsolvency.com
Sat Oct 19 01:01:12 AEST 2019

On Fri, Oct 18, 2019 at 6:35 AM Arthur Krewat <krewat at kilonet.net> wrote:

> This has been solved.
>
> First attempted was a full 8-character upper/lower/numeric brute force
> which took over 6 days and failed.
>
> Second attempt was lower-case with control characters, and succeeded in
> around 40 minutes.
>
> There's a control character in it ;)

I'd long suspected that someone would have done this; it would be a great way to expand the total keyspace, and extend the life of

But given Ken's seminal work in password stretching and keyspace analysis, I always suspected that it was ken, not bill. In 2015, I was intrigued by the idea that he'd left a little puzzle in a hash that he knew would be publicly available. I even went so far as to construct a small FPGA cluster in pursuit of that theory:

https://www.techsolvency.com/passwords/ztex/

What originally caught my attention was the logic behind enforcing password quality in passwd.c during a specific era of BSD code, which exited ambiguously in a double negative of sorts, where control characters were not disallowed during password entry. (I'll try to dig up the source.)

Anyway, I must have made an error in my original work in 2015, in which I found both of ken's:

https://twitter.com/TychoTithonus/status/1182181560264491008

... but managed to miss bill's entirely, thinking that it had already been cracked. In the superset of all CSRG-published distros, there are slightly more than 1400 total hashes, and one of bill's appears to have been lost in the shuffle (the other was trivial).

So some hearty (and bittersweet!) kudos for solving this puzzle! It is what drove me into password auditing as a passion (and profession).

Royce

--
Royce Williams
Tech Solvency