
It was Bill Joy's password, not Ken Thompson's, that had a control character - MrXOR
https://minnie.tuhs.org/pipermail/tuhs/2019-October/019125.html
======
js2
The current title ("It was Bill Joy's password, not Ken Thompson") I assume is
in reference to Ken's password being cracked two weeks ago. The title is not
correct. Ken's password was cracked. Bill Joy's password has now also been
cracked, but not disclosed w/o getting permission from Joy to do so first.

Discussion from two weeks ago -
[https://news.ycombinator.com/item?id=21202905](https://news.ycombinator.com/item?id=21202905)

Message posting /etc/password entries -
[https://minnie.tuhs.org/pipermail/tuhs/2019-October/018854.h...](https://minnie.tuhs.org/pipermail/tuhs/2019-October/018854.html)

Message showing Ken's cracked password -
[https://minnie.tuhs.org/pipermail/tuhs/2019-October/018917.h...](https://minnie.tuhs.org/pipermail/tuhs/2019-October/018917.html)

Message showing Bill Joy's hashed password -
[https://minnie.tuhs.org/pipermail/tuhs/2019-October/018955.h...](https://minnie.tuhs.org/pipermail/tuhs/2019-October/018955.html)

A correct title would be "Bill Joy's password has now also been cracked."

~~~
tedunangst
The title is in reference to which password contained a control character. It
is truncated, but not incorrect.

~~~
dang
Ok, we've put a control character in the title above.

(Submitted title was "It was Bill Joy's password, not Ken Thompson"... also a
category error to compare a password to Ken.)

~~~
papln
Could be simplified to "Bill Joy's password had a control character", since no
one had announced a thought that Ken's password had one, so the misdirection
is pointless distraction.

~~~
tedunangst
[https://twitter.com/TychoTithonus/status/1185211446537273344](https://twitter.com/TychoTithonus/status/1185211446537273344)

~~~
js2
Ah, a link to that tweet in the first place would've made a lot more sense.

------
cantrevealname
For everyone who finds this story confusing, I'll try a recap:

The password file on UNIX systems from 1969 right up till the 1990s was
readable by everyone on the system. However, the passwords were one-way
encrypted or "hashed". For the password a user typed such as "p/q2-q4!", the
password file contained a hash such as "ZghOT0eRm4U9s". It used to be a rite
of passage of every aspiring UNIX systems programmer to write a cracking
program to discover some of the passwords on their system -- typically by
encrypting a dictionary of words to see if any matched up with the hashed
values in the password file. If everyone picked good passwords, this was futile.
But on any large UNIX system, many users selected dictionary words so this
attack was often successful.

Recently someone unearthed the password file from one of the original systems
on which UNIX and C were developed. Naturally it's great fun to discover the
original passwords of all the UNIX luminaries such as Ken Thompson (his strong
password being a chess move "p/q2-q4!"), Dennis Ritchie (password "dmac" --
anyone know what that might mean?), Brian Kernighan (an easy to type keyboard
pattern "/.,/.,"), Steve Bourne, inventor of the Bourne shell, didn't seem to
care and chose obvious password "bourne", and more here
[https://news.ycombinator.com/item?id=21209594](https://news.ycombinator.com/item?id=21209594).

One lone password from the original list, Bill Joy's password, was still
uncracked. Bill Joy is the co-founder of Sun Microsystems, author of vi, and a
key developer of BSD UNIX. He apparently picked the best password. This latest
news says that Bill Joy's password has now been cracked, that it uses a
control character in place of a letter, it is otherwise all lowercase letters,
and is a chess related term (as Ken Thompson's was also chess related). As an
example, his password could be chess-related word "c^Astlng", where the ^A is
control-A (but it isn't -- I checked). But the actual password has not been
revealed "because of the outpouring of negativity about these disclosures,
[the discoverer is] reluctant to post the actual password without [Bill Joy's]
consent".

~~~
pingyong
Pretty interesting that those guys took what are essentially joke passwords.
Seems like they probably didn't expect anyone to bother trying to crack them.

------
EvanAnderson
If you read on in the thread there's this fun story[1]:

> John P. Linderman jpl.jpl at gmail.com

> Sat Oct 19 23:11:10 AEST 2019

> Related story. A user came to us with a problem while we were in our
> computer room. We asked him to log in at the VAX console, so we could look
> into the problem. Moments later, dozens of users flooded in, asking what had
> happened. Seems the first user had a CTRL-P in his password, which, when
> entered at the console, triggered the VAX to pause.

[1] -
[https://minnie.tuhs.org/pipermail/tuhs/2019-October/019137.h...](https://minnie.tuhs.org/pipermail/tuhs/2019-October/019137.html)

~~~
carokann
I do this all the time with bash. I run a python script, and try to ctrl+c the
output of it while it's still running. My brain refuses to learn right click.

~~~
lejar
ctrl+shift+c will copy it. :)

------
mzs
Bill Joy used a control character:

    
    
        Second attempt was lower-case with control characters, and succeeded in 
        around 40 minutes.
        
        There's a control character in it ;)
        
        Because of the outpouring of negativity about these disclosures, I am 
        reluctant to post the actual password without the user's consent, since 
        he's still alive. If anyone knows Bill, and can contact him, please ask 
        for permission.
    

[https://minnie.tuhs.org/pipermail/tuhs/2019-October/019124.h...](https://minnie.tuhs.org/pipermail/tuhs/2019-October/019124.html)

------
technofiend
Plato terminals had a custom keyboard* which included buttons for super and
subscripts. The administrator for our school district's account had special
privileges including the ability to create new users, give others the right to
create lessons, more disk space and was highly coveted. It didn't take too
long for someone to figure out Mrs. Kennedy's password was <SUPER>man. Of
course my password instantly became yellow<SUB>marine.

* [http://xahlee.info/kbd/plato_iv_keyboard.html](http://xahlee.info/kbd/plato_iv_keyboard.html)

~~~
sedachv
> Plato terminals had a custom keyboard

Every terminal and personal computer had a custom keyboard back then.

------
projektfu
I inadvertently had this on a Sun. I was entering a new password from a remote
terminal and accidentally hit a lower case letter where I wanted an upper case
one. Reflexively I hit backspace, and the Sun used DEL, so it stored a ^H in
the password. I was then unable to change it because while getty or login
could handle it, passwd wouldn’t accept it as my existing password.

~~~
technofiend
Anecdotally pressing ^v triggers quoting so the next character is taken
verbatim. So ^v^h should have worked.

~~~
projektfu
There was a ton of wizardry I didn’t know at the time

~~~
technofiend
I hear you. The very first Unix system I had root to ended up with two
etc directories. It took a really long time to figure out I hadn't corrupted
the filesystem but instead had created one directory named /etc<DEL> which was
an unprintable character.

~~~
anon9001
`mkdir -- "$(echo "-rf \u2215")"` is a fun one for someone else to anxiously
rm later ;)

~~~
technofiend
Lol. The lessons I learned about ls -lq, ls -li and find -inum have stuck with
me since then, though.
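
Added example (not part of the thread): the `ls -q` / `ls -i` / `find -inum` approach mentioned above, applied to a constructed directory named `etc<DEL>` in a scratch location. The function names are hypothetical, and `-mindepth` and `-xdev` assume GNU or BSD `find`.

```shell
#!/bin/sh
# list_ctrl_names DIR: print "inode path" for every entry under DIR whose
# name contains a control character. ls -q shows those bytes as '?', so the
# listing itself cannot send control codes to the terminal.
list_ctrl_names() {
    LC_ALL=C find "$1" -mindepth 1 -name '*[[:cntrl:]]*' -exec ls -diq {} +
}

# remove_by_inode DIR INODE: remove the empty directory or file with that
# inode number under DIR, so the unprintable name never has to be typed.
# -xdev: inode numbers are only unique within one filesystem.
# -depth: visit a directory after its contents, so rmdir does not confuse find.
remove_by_inode() {
    find "$1" -xdev -depth -inum "$2" \
        \( -type d -exec rmdir {} \; -o ! -type d -exec rm -f {} \; \)
}

# Constructed demo: "etc" next to "etc<DEL>" (0x7f) in a scratch directory.
d=$(mktemp -d)
mkdir "$d/etc" "$d/$(printf 'etc\177')"
list_ctrl_names "$d"                      # one line, name ends in '?'
remove_by_inode "$d" "$(list_ctrl_names "$d" | awk '{print $1}')"
ls -q "$d"                                # only "etc" is left
rm -rf "$d"
```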

------
ohjeez
I knew someone who started with DEC minicomputers. His original password
included a backspace.

That is, the password might have looked like

1234

but it was actually

12^H34

because at that point, the backspace character was still a terminal command.

------
cantrevealname
If anyone would like to try their own hand at discovering Bill Joy's 1970s-era
password, here's how to get started with the hashcat tool. First check if
everything is working by trying a known result, e.g., Dennis Ritchie's
password which we know was "dmac":

    
    
      apt-get install hashcat
      echo "dmac" > guesses
      hashcat --force -m 1500 -a 0 gfVwhuAMF0Trw guesses
    

If you see a message that says, "gfVwhuAMF0Trw:dmac" and "Status: Cracked",
it's working. Now put in Bill Joy's hash ".2xvLVqGHJm8M" in place of
"gfVwhuAMF0Trw" and a list of guesses, one per line, in the guesses file, and
run hashcat again.

We've been told that the password is a chess-related word, all lowercase
letters except that one letter is a matching control character, such as in
"b^Ishop" where the "i" is actually a control-I.

------
MrXOR
Sorry, the title and I were wrong. Now, I read the full story and a better
correct title is: "Bill Joy's Unix password had a control character". @dang,
please edit the title.

------
big_chungus
A guy I worked with did this once, but on an esxi machine through the web
interface. Took a very long time of figuring out what characters to press on
an ssh connection from a mac to get the same, then to translate that to
windows keyboard. Password changes often warn (or flat-out deny) if your
password is too short, similar to username, etc.; maybe they should do so for
control characters.
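
Added example (not part of the thread): a sketch of the password-change check suggested above, which rejects control characters and names them in caret notation such as the `12^H34` case elsewhere in this discussion. The function names and the `TTY_SPECIAL` list are assumptions; the list reflects common `stty -a` defaults plus `^H`, so compare it with your own terminal settings.

```shell
#!/bin/sh
# Keys a terminal line discipline commonly intercepts (assumed defaults).
TTY_SPECIAL='^C ^D ^H ^? ^O ^Q ^R ^S ^U ^V ^W ^Z ^\'

# ctrl_chars STRING: print each control byte of STRING in caret notation,
# one per line (0x08 -> ^H, 0x7f -> ^?). Prints nothing for clean input.
ctrl_chars() {
    printf '%s' "$1" | LC_ALL=C od -An -v -tu1 | awk '
        { for (i = 1; i <= NF; i++) {
              if ($i < 32)        printf "^%c\n", $i + 64
              else if ($i == 127) print "^?"
          } }'
}

# check_new_password STRING: return 0 if STRING has no control characters;
# otherwise print one reason per offending character and return 1.
check_new_password() {
    found=$(ctrl_chars "$1")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | while IFS= read -r c; do
        case " $TTY_SPECIAL " in
            *" $c "*) echo "rejected: $c is usually consumed by the terminal driver" ;;
            *)        echo "rejected: $c is a control character" ;;
        esac
    done
    return 1
}

# Constructed inputs: a stray backspace, and CTRL-P as in the console story.
check_new_password "$(printf '12\01034')" || true
check_new_password "$(printf 'a\020b')"   || true
```

The two classes of message matter for different reasons: the first kind of character may never reach the program on one login path and arrive intact on another, while the second can trigger device-specific behaviour such as the console pause quoted earlier.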

------
EamonnMR
So much interesting content is locked in these oldschool mailing lists, how
does a modern-day web user get into them?

~~~
capableweb
Like the rest of us, get browsing!
[https://minnie.tuhs.org/pipermail/tuhs/](https://minnie.tuhs.org/pipermail/tuhs/)

Might as well add a disclaimer: back in the days, in order to find the gold
nuggets on the web, you had to shift through shit. A lot of shit. But then
once in a while, you find those little nuggets that made the whole shit-
shifting worthwhile. Useful exercise in patience for beginner webbers maybe.

~~~
AceJohnny2
> _back in the days, in order to find the gold nuggets on the web, you had to
> shift through shit._

"back in the day"?

Edit: no, I meant, it hasn't changed since then. Sturgeon's Law still applies
today.

~~~
capableweb
I did not know that it's "day" not "days". Not a native English speaker and
have always been saying it "days". Thank you for correcting me!

~~~
mikorym
Both could be correct. Here I think "day" could make more sense. An example of
the other case: "Back in the days of Fortran programming..."

If you leave out anything after "days" by just saying "back in the days" then
it is like you are pausing. As in when you reminisce, "Oh, back in the days!"
Maybe that is what the intention was.

In any case, the commenter was actually just saying that he thinks nothing has
changed.

------
gm3dmo
They all had their uid set to 0?

~~~
DrStalker
From memory setting a UID to 0 was a way to effectively have multiple root
accounts on a system. sudo is a much better solution to the same problem so
using uid 0 in this manner is not something I expect to see on any modern
unix/linux system.

~~~
dredmorbius
"shutdown" or "reboot" as a UID=0 user with shell set to "/sbin/shutdown" or
"/sbin/reboot" and a specific password is still occasionally found. Log in as
that to shut down or reboot system.
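
Added example (not part of the thread): an audit of a passwd-format file for the two issues discussed here, extra UID 0 accounts and crypt hashes kept in the world-readable file. Every entry in the sample is constructed, `abCDEFGHIJKLM` is a placeholder shaped like a 13-character DES crypt string rather than a real hash, and the function names are hypothetical.

```shell
#!/bin/sh
# sample_passwd: constructed passwd entries for the demonstration.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
olduser:abCDEFGHIJKLM:0:0:constructed:/home/olduser:/bin/sh
shutdown:x:0:0:shutdown:/sbin:/sbin/shutdown
guest::1001:1001::/home/guest:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
EOF
}

# audit_passwd FILE: report risky entries in a passwd-format FILE ("-" = stdin).
audit_passwd() {
    LC_ALL=C awk -F: '
        /^#/ || NF < 7 { next }
        # Any UID 0 name other than root is a second superuser account.
        $3 == 0 && $1 != "root" { print $1 ": UID 0 account, shell " $7 }
        # An empty field means no password is required at all.
        $2 == "" { print $1 ": empty password field" }
        # 13 characters from [./0-9A-Za-z] is the traditional crypt(3) format;
        # in a world-readable file it can be attacked offline.
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" {
            print $1 ": DES crypt hash stored in passwd"
        }
    ' "$1"
}

sample_passwd | audit_passwd -
```

On a live system the same function can be pointed at `/etc/passwd`; an `x` in the second field means the hash lives in a shadow file that ordinary users cannot read.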

