Ken Thompson's Unix Password (leahneukirchen.org)
2100 points by stargrave 13 days ago | 633 comments

I remember cracking the password from a Windows system in high school. There was a centralized login mechanism using Novell but everything was cached locally. So you could boot a Linux CD and copy the password file to a memory stick, and crack at home. I think I used lophtcrack? The head admin account for the entire school district (basically root) had the password “north”. It took like a fraction of a second to crack. It was so simple that for weeks I didn’t even believe it to be true, and didn’t realize the name of the account was an admin.

I was expelled a few months later for all the fun I had after discovering this. Good times.

I was expelled from university for pulling off the exact same exploit with the "workstation only" feature in Novell. In my case, they put a computer in every dorm room, and every single one of them had a domain-wide administrator account cached in its SAM file. It was inevitable that a student would find it. It's been almost 15 years now but I believe the password was rac3c4r or something trivial like that. I ran Ophcrack overnight and in the morning I had admin access to every machine on campus.

I also had the bright idea to try this on library computers and email kiosks around campus used by thousands of students. Rather than booting into Ophcrack I'd just log in with the admin account and run pwdump from a USB stick to collect password hashes. I figured out how to enumerate Windows machines over the network using NetBIOS and ran the pwdump utility remotely using psexec, so that I could hit every computer in the library at once, or every computer in a computer lab, etc.

I ended up cracking credentials for most students and faculty on the entire campus. I was really young at the time and thought this was some real cool James Bond shit. I never once used it for evil: never read anyone's email, never viewed anyone's private files, never poked around the academic file shares for test solutions, never tried to steal credit card numbers or social security numbers from the finance office's file share. It was purely a hack for the thrill of breaking down barriers and outsmarting the security. But MONTHS later after I had long since grown tired of tinkering with this stuff, a couple of uniformed police officers pulled me out of Calculus class and took me downtown. They tossed my dorm room and confiscated my computer and my phone and every piece of digital storage I owned. The school threw the book at me, I guess because they were so embarrassed by their incompetence on display from being beaten by a 16 year old.

(Posting on my alt account for obvious reasons.)

>I never once used it for evil: never read anyone's email, never viewed anyone's private files, never poked around the academic file shares for test solutions, never tried to steal credit card numbers or social security numbers from the finance office's file share.

I don't understand this justification. The system owners can't know that to be true and have to proceed as if the systems are compromised. Would you still feel safe if a burglar broke into your house and left a note saying they didn't take anything?

It's not a justification. What I did was wrong. I'm just telling you what I did and why I did it. I wasn't interested in hurting anyone or in gaining any advantage for myself, only in breaking the system.

Also, I didn't actually go in anyone's house. If passwords are really so inherently private even apart from their access implications, maybe we shouldn't be sharing Ken Thompson's old password.

Yes, a good defense against a charge of burglary would be not having stolen anything. In an imaginary perfect criminal justice system, charges/penalties are based on damage done. Less damage done is a lesser crime.

I was expelled for the same reason and here's what the school admins said about it. https://www.sandiegouniontribune.com/pomerado-news/sdpn-rbhs...

> In an imaginary perfect criminal justice system, charges/penalties are based on damage done.

Hell no. Otherwise you could just set up one gigantic crime by committing a bunch of small "no damage done" crimes along the way, say, stealing a string of credentials one at a time, but not actually using them until you have all of them together and then you commit your major heist/crime.

Mens rea is an important consideration so it's not just about damage done (though the fear a key could be used in pursuit of a worse crime is also a harm) but the intent/recklessness of an act.

Well, the imaginary perfect criminal justice system would probably arrest you right as you had completely committed to causing the damage, instead of afterwards. But it should still be justifying the arrest based on the act that caused damage, not the harmless acts that set you up to be ready to do it.

Ah, like Minority Report

The crime in this hypothetical degrades from Burglary to Trespass, not "no crime."

Lesser punishment doesn't mean no punishment. Furthermore, you can always argue that the intent is to commit a major crime.

A burglar might kill someone, book them on home invasion charges even if the house was empty.

Isn't this more like duplicating everyone's house key? He never actually went into the houses.

Except he went in the Admin's house:

> I'd just log in with the admin account and run pwdump

Just to be clear, in case this matters, it wasn't an account belonging to an administrator, it was a default superuser account called (if I remember right) "TECH" in all caps, and didn't have any files or anything in it. It's not like it was a person and I was poking around their private stuff.

Only if you can know he didn't actually go in. Even now, do you believe he never looked at a single private file?

What possible reason would I have to lie about it? You think I'm worried about investigators raiding my VPN service so they can track down and charge a grown-ass man in juvenile court for something that happened 15 years ago? You think I'm worried about my reputation on this throwaway account with a grand total of five previous comments? What's the point in believing that this whole escapade happened at all if you're going to randomly doubt a particular element of it?

I was a kid, I was stupid, but I wasn't an asshole. I didn't go peeking and violating people's privacy because that would have been a dick move. Just like tons of people on Hacker News today have access to personal data on SaaS systems we maintain and don't go peeking. Just like tons of people are perfectly capable of picking their neighbor's locks but don't walk into their house for no reason. It's not even tempting. I don't care what's in my neighbor's house, and I don't care what's in random other students' homework documents or email or whatever. The only interesting part was breaking the security.

If someone secretly stole my key and made a copy of it, I hope the court would send them to jail, regardless of why they made the copy.

No, it's generally not illegal to copy someone's key. It's illegal to STEAL the key, of course, but copy? Not a crime. Some states have laws that prohibit "providing access" to a government facility which can be applied to copying government keys, but your house key? Nope.

SOURCE: am locksmith

> Would you still feel safe if a burglar broke into your house and left a note saying they didn't take anything?

That doesn't make it okay, but it certainly should result in a much lesser sentence than if the perpetrator had damaged or stolen property.

No. The serious crime is breaking in. Usually when someone's house is broken into they don't care about the stuff at all. They care that their personal space and sense of security has been violated. Also the criminal doesn't know what they'll find when they get in, but they are setting up a situation that can escalate quickly. Kids home alone? Someone with a shotgun? The very act of breaking in means they are ready to commit violence. If someone breaks into our house and sleeps there all weekend while we are on vacation, but doesn't take anything, does that deserve a lesser sentence than if they took a $100 TV? Not in my opinion.

"The very act of breaking in means they are ready to commit violence."

You really believe this? What makes you think you speak for people in general, or know the mind of the average burglar?

And how far does your equivalence view stretch, if someone trespasses and uses your pool is that the same as taking your outdoor furniture? Why not?

Well that's an opinion, but not how the law actually works, where misdemeanor/felony levels and minimum sentencing are based in dollar value stolen.

The purpose of the whole system is education. He used it exactly for that.

Just make it more secure so the next people can have a bigger challenge.

It was clearly an illusion of safety to begin with if they broke in. At that point you're at least informed, and it didn't cost you anything.

> Would you still feel safe if a burglar broke into your house and left a note saying they didn't take anything?

You might feel safe if he didn’t, but you wouldn’t actually be safe, would you?

Feelings are more important than reality!

See: NSA and mass surveillance

Yes! The SAM! It’s all coming back to me now.

Do you know how they ended up finding out about it and catching you?

Yeah. My technical tracks were covered. It was the roommate of one of my friends. He overheard me talking about it and ratted me out.

It's always that kid. I did something similar in high school with luckily no serious repercussions but yup it was another kid who ratted me out. I could have changed my grades and stuff but luckily I was pretty content. The network admin who I really looked up to and asked lots of technical questions vouched for me. I think the fact that I only played around with the admin account for fun and never touched anything else helped my case.

What a punk

That is an understatement. I wonder what kind of backstabber he grew up to be :/

The concerned kind. Refusing to keep their mouth shut when others exploit the system.

This is a problem, here GP is a hero, a hacker, a free spirit. But there is no point in romanticizing such behavior.

If you find a vulnerability in a system, you disclose it to the people that should know about it. You can do that anonymously, or you can alert people in a subtle way.

What you don't do is sit on it and brag to people what a clever person you are.

What the OP did is (in this case) irrelevant to what the asshole did. There were multiple ways he could have gone about dealing with the situation that did not involve fucking someone over, but he chose to do that instead.

I just cannot attribute something like that to altruism.

Listen, knowing only OP's side of the story it's easy to sympathize. Especially if he's a part of our in-group of technical people.

Dismissing the whistle-blower as a "kid, that wanted to just fuck someone over" is hardly fair.


I was wondering when this one would come up. "Snitches end up in ditches" mentality is at fault here.

You pretend that someone cracking everyone's password is not a problem that the organization should address or even know about.

We should not turn our gaze away. "This is not my problem" is simply not a correct response. Snowden knew that, and yet, some people call him a snitch and a traitor.

Probably a politician.

wow, that's very scummy. That must feel worse than them finding you because you slipped up technically.

I think that if someone boasts that they've cracked everyone's password, reporting them is the right thing to do.

Perhaps the discretionary thing to do in the case where the perpetrator is relatively whitehat is to mention to IT that "it appears common knowledge that all admin passwords are compromised" without exposing their identity.

High school kids or uni students being discretionary?

What an interesting alternate reality that would be.

> wow, that's very scummy.

You misspelled "prudent".

good citizen

Can't help but wonder, didn't you think about reporting this, anonymously at least?

If you figured this out, it wasn't all that unlikely that a less scrupulous hacker could have.

(Not judging, both because I don't like to and because you were a kid.)

Sigh, I grow tired of pointing this out, but if they were able to figure out someone was doing this, and even who it was, then you weren't a l33t hacker. You used common tools and used a known exploit that people were watching.

You broke rules for personal enjoyment and weren't even good enough to not get caught. You didn't beat them, they beat you. It doesn't matter if you went unnoticed for several months, the fact is standard monitoring and logs were your downfall. Nobody ever thinks of the log files and network monitoring tools as being part of security. Not being prevented from accessing the system is not the same thing as successfully hacking a system unless you aren't caught either.

> You broke rules for personal enjoyment and weren't even good enough to not get caught.

Otherwise known as being young and in their formative years. Plenty of HN had similar experiences and luckily even 15 years ago this harsh view on teenage stupidity was in the minority.

He also doesn't seem to claim to be a l33t whatever.

> Not being prevented from accessing the system is not the same thing as successfully hacking a system unless you aren't caught either.

> You didn't beat them, they beat you.

They beat themselves, which was understandable back in the day but that's a popular narrative to this day. If a school kid with random scripts or untargeted ransomware gets into a system I put far more blame on the process that prevented them from being patched than said kid.

He points out below that he was caught because another student overheard him discussing it and ratted on him. I feel like a real hacker wouldn't make a bunch of untested assumptions about situations they have no context for.

Real Hacker™

Our high school network ran on Novell NetWare, but I wasn't anywhere near smart enough to crack anything so I just wrote a little program in QBASIC that looked like the NetWare login prompt which rejected all login attempts but dumped what was entered into a text file, and left it running on one of the PCs in the computer room. It wasn't even a compiled program, it was just running inside QBASIC's IDE.

Yet it was running for three days before the admin got around to checking the machine, and all he did was try to log in, failed, and rebooted the machine — bringing it back to the real NetWare login screen. I got his password and pretty much everybody else's too, and to this day, more than 20 years later, I still use bits of his admin password from time to time when I'm creating temporary accounts.

This is exactly why some versions of Windows required you to press ctrl-alt-delete to open the login form. Programs aren't allowed to block Windows from receiving ctrl-alt-delete, so a fake login program would not be able to stay on the screen after the user pressed ctrl-alt-delete. (Of course this only works if the user knows to always hit ctrl-alt-delete when they go to login. If the user sees an already-open (fake) login screen and does not hit ctrl-alt-delete, then they're vulnerable.)

The new Windows 10 login screen doesn't seem to support anything running on it, all I've seen is a duo security prompt that A. Only showed up after a login and B. Doesn't work on Windows 10 in a non-rdp session on a Microsoft account[0]. Sadly this also means you can't run something like Wallpaper Engine on the lock screen[1].

0: https://duo.com/docs/rdp-faq#can-i-use-duo-with-a-microsoft-...?

1: https://steamcommunity.com/app/431960/discussions/0/15001264...

The specific threat that ctrl-alt-delete's supposed to mitigate is where a user's already logged in, but a program's running that mimics the login prompt. Since applications can't handle ctrl-alt-del in Windows, if you pressed it at a fake login prompt, you'd get the Windows Security dialog/screen rather than a login prompt and it would be obvious that something's wrong.

Its utility's limited these days since consumer configurations of Windows have users trained not to expect to have to press ctrl-alt-del to log in. I'm not sure that it's even enabled by default on domain-joined machines any more as of Windows 10 (still available via Group Policy, though).

I've noticed sometimes the lock screen won't show the login dialog via the regular "press any keyboard key" action or via mouse dragging it up, I had to press ctrl-alt-delete. Maybe there are some heuristics that decide this that I don't know about.

I think ctrl-alt-delete generates a hardware interrupt.

It is not a hardware interrupt in the sense that there's nothing special about this key combination to generate a specific interrupt. The only related interrupts are the keyboard interrupts that happen for every keyboard activity, which the BIOS interprets and takes actions like turning on a key LED and storing the actions in a memory buffer (this is all in "real mode" on x86 processors) before that goes further up to the application. Capturing the keyboard interrupt could allow one to intercept specific keystrokes (like Ctrl+Alt+Del) before the OS gets it, but that's not possible in the OSes that most people use today (which all run in "protected mode").

In real mode, the BIOS intercepts it. But it's still not a hardware interrupt; it just never gets to the OS.

Hah, I and a friend did a very similar thing with our school's NetWare. We managed to get ours to silently log the user in after collecting the credentials so it was mostly invisible. We created it to get the password from a particular guy, but in true dragnet style we installed it on as many machines as we could.

I have no idea how network drives were managed with NetWare, but some students always managed to find world writable dirs (that shouldn't be). Then it was a matter of finding some obscure subdirectory, create a new one (typically containing alt+255 characters) and stick games there. Fun times.

We did get his password (and many others), but never actually did anything with it.

I did the exact same thing, wrote the login faker in pascal.

Mine would print the "typo" error message, save credentials, and then log me out and show you the real login screen.

I managed to get the passwords of every student and teacher, but alas, I stored them in a file called hacked_passwords.txt , in my home directory. Got busted, and got a dozen saturday detentions.

You learned an important lesson about the importance of naming things.

This is fiendishly clever; you more than made up for a lack of technical skills by exploiting the wetware angle. Lovely little story :)

This reminded me of my past experience, and then I remembered that I already told that story: https://news.ycombinator.com/item?id=17418559

I did exactly the same thing. Wrote to a file on my personal network share and then did this:

OUT &H64, &HFE

Instareboot on a DOS machine.

My highschool (well, homeschool resource center) IT admin couldn't log into one of the macs in the A/V lab one day; I heard him talking about it, and being on good terms with him, I offered to try and hack in. I literally googled "how to hack macos password", chanced upon an `nidump` vulnerability recent enough that it hadn't been patched, used that to dump the password hash file, fed that to JTR (compiled on that same machine, to add insult to injury), and almost instantly ended up with the admin password for the entire domain: 1337

It turned out that someone hadn't changed the password, he had just mistyped it over and over again. At the time, I didn't know what "1337" meant, I just thought it was a weird number, and it wasn't until many years later that I suddenly burst into laughter, realizing the "elite" level of security in that lab.

Thanks for the good times, Ron! I'm really glad he just laughed and trusted me as I explored technology instead of freaking out when my portscanners started making the printer spew out a bunch of garbage.

I got kicked out of school when I was fifteen for doing this. My class was the first year to have a mandatory laptop program. Each laptop was running Windows XP on the school's AD domain. I booted up OPH-crack at home, and didn't get a result. So then I torrented a larger rainbow table and ran it again for three days. Boom, there I had it.

My motivation for this was wanting to install my own software on the laptop that my (underprivileged) family was forced to pay for (much more than what it was worth). This was not an optional item, it was a requirement of the state-run school. The student user account was not given local administrator rights on the computer.

After using the administrator account for six months to install my own software (this is when I first taught myself how to program), the school did a random "computer" check, where they confiscated everyone's computer - unannounced, at random, and simultaneously. My computer was asleep, signed onto the administrator account.

During the inspection, the school's IT administrators and an external contractor not only went through all of the files on the local computer, but they also accessed my Gmail account, which had credentials saved in Firefox.

When my father was called into the office to discuss what they found, the school had the state police there to discuss charges. After listening to them rant on for about thirty minutes, my father turned to the female police officer and calmly said "I would like to press charges against [ ...... ] school, and Mr [ ...... ] personally for accessing my child's email account in an unauthorized manner". The head master agreed to not proceed with charges but I was no longer welcome at the school.

Unrelated, but five years later, Mr [ ...... ] was charged with possession of child pornography and jailed for fifteen years.

Wow - this is awful. For simply getting admin rights on your own laptop? How do school admins get away with treating the kids like inmates? Good on your dad, he handled it well.

You don't get to be headmaster of a school without wanting to feel power over the kids.

And if that's the only power you have in your life, you'll protect it viciously.

Teachers are usually in it for the warm fuzzy feeling of doing something good, but I've never met a headmaster who didn't behave like I described above.

At my small highschool it was well known that the teachers essentially rotated being principal. They all hated it but it had to be done. While I was there it was the history teacher. Before that it was the science teacher. After I left the English teacher took over the role. Yes it was <100 people so there really was only one teacher for each subject with some overlap.

I wouldn't call it unrelated. He clearly had past behavior violating the privacy of his students with the cover of politics and police. It's how predators like this operate, finding an authority position and exploiting it. And he clearly got away with it that time.

I wish my story was as cool and involved some technical expertise.

In year 10, a friend of mine saw our school network admin type the admin password in (he used his index fingers and typed in each character one at a time like someone with very little typing experience - this was 1998)

Anyway, I used this info to log in as the admin and I promptly deleted all of the student accounts in the school. Students around me immediately started complaining they couldn’t log in or access their assignments.

It was a stupid and immature thing to do.

Guess it’s a good reminder and lesson that you should always be careful who is watching you over your shoulder.

Oh, did something similar to change a friend's grades in college. Pretended to be on my smartphone while the professor signed in, and filmed their fingers on the keyboard. Took some trial and error watching the low-res video (this was before phones had nice cameras) frame by frame to figure out which keys he was hitting.

My high school's administrator password was “math”. I think the statute of limitations has expired by now.

I got it by writing a simple login spoofer in Turbo Pascal. The funny thing is I never bothered to remove it and after I graduated, I heard from the actual administrator that they were having a strange problem where the first login of the day spit out a disk full error.

> I got it by writing a simple login spoofer in Turbo Pascal.

Ha, I did the exact same thing, in turbo pascal as well!

Man, I miss those simple computer systems. I used to go to other people's desks and type the word "end" in column 100 of the first line of their program. They'd go mad with frustration trying to figure out why their program always ran instantly, with zero errors and zero output. Or I'd let them watch me type in my 6-digit numeric password, but they still couldn't log in as me because I was slyly holding down the alt key as I typed, so the password was really a single extended ASCII character...

Getting up to all those hijinks gave me a love of computers that really set the direction my life would take.

Our high school's local admin password on every machine was the name of the school district. Used it to install P2P software and emulators on lots of the machines throughout my time there. On grad day I was setting up a slideshow with my CS teacher and the domain login wasn't working. I said "just log in with local admin". He said "I don't know the password". I did it in front of him. His words: "I don't want to know what you've done with this"

Dang, well done.

I spent three solid semesters wasting my "Computer Science" electives on breaking into the Novell system... I found tons of these encrypted passwords, and it never occurred to me to just crack one. I did find plenty of other ways to get in, though :)

Yea historically the SAM file on windows has always been a weak spot because of its NTLM hashing scheme. By breaking passwords larger than 7 letters into multiple sub-password hashes it virtually guaranteed rainbow tables would destroy its security.

I used this weakness whilst working at British Telecom to legally break into some NT boxes on behalf of a FTSE 100 company whose system my team got asked to take over.

They had had a bad break up with another supplier and had lost access.

I used our art director's Mac to break in - I did consider setting up a DIY cracking farm using all our Suns and running it overnight but I suspect that the security department might not have approved.

Out of curiosity, why did they do this? Was hashing super computationally expensive when NTLM first appeared (NT 3.51 I think?)

I wonder if it’s for export control. 7 chars x 8 bits = 56 bits. This used to be the limit for max size of symmetric keys by the US.

The "split into 7s" thing is from LM, which goes back to the OS/2 days... and it uses DES, which operates with 56-bit keys: 7 8-bit characters. Old DES-based crypt() has a similar limit: 8 7-bit characters.

NT hashes use MD4, which wasn't invented until 1990.

I believe LM also stored the passwords in uppercase as well. The NTLM password was used, but LM was also saved for compatibility (by default) with older Windows machines.

L0phtCrack utilized this when cracking, it first found the uppercase password, then it only had to brute force the case when cracking NTLM.

I did the same thing at my school but it was a brand new SMT magnet school so we showed the net admins and helped to prevent it... Zipslack (first 100mb linux distro) with l0phtcrack was part of my EDC. I believe the first time it was shown to the adults was after someone locked the school network admin out of everything so we helped him recover. We even set up a security lab for the admin team. The next year anything that looked like hacking was grounds for expulsion which led to a lot more problems with it if you ask me. The school with a wing full of hackers wasn't gonna quit looking at new tools. The school just decided it was like teen sex or smoking. Banned! Lol.

Did the same thing with cain & abel. Took 2 days to crack an admin password, it was "weebles". Didn't get expelled though.

My school hacking story: 7th grade, springtime, ~1998. The district used software that ran on login and populated your desktop/start menu and permissions. This was a mixed network of windows 98 and XP for all the newer computers. I found a bug where if you corrupted your own user profile folder, windows would load a temporary one after reboot and not apply all the restrictions, giving access to explorer. You could also get access to explorer by going through the f1 help menu in a couple of different programs.

Promptly used explorer to navigate to my English teacher's computer via the hidden c$ share, and delete the executable from the program files folder. Next time she logged in, BOOM nothing. No start menu, no desktop, no permissions. The admins had an incredibly consistent and predictable naming scheme, and my idiot "friends" I shared the vulnerability with promptly used this to nuke like 3 labs and a bunch of teachers' computers.

Fast forward 1 month, we all got pulled out of PE by a cop and sentenced to 1-3 weeks of community service.

* I abused that profile bug to work exclusively out of portable firefox on a usb drive instead of being tied to internet explorer 6 and 7, which allowed me to bypass proxy settings and get access to gmail and read slashdot/ign/halo.bungie.org during school hours! Those were the days.

My school district was the Madison Metropolitan School District. I discovered quite by accident that the admin password for the school computers was just ‘mmsd’. It was literally my first guess.

There is something very wrong with the school (system) if you actually got expelled for that. If that is the whole story, they should have explained why it was wrong and tried to encourage you to learn more, responsibly, by actually asking you to help them with securing their system. That is roughly what my headmaster in Russia did in similar circumstances. The thought of expelling a kid over something silly like this wouldn't even cross anyone's mind.

In our engineering school the password hash used to be publicly accessible. Someone had devised a johntheripper binary to look like seti@home and made it run on several machines with the admins' benediction.

We had a meagre limited amount of quota on these shared systems (between 1 and 10 MB) but teachers had 1 GB. We stored the Quake binary on one teacher's account, Starcraft 1 on another and start kicking.

Good times...

One day I was bored in comp sci and decided to CD into drives a - z. Found a bunch of Novell NetWare utils sitting on a hidden drive. One of them listed all the users on the system, while another sent back generic user info. Thing is, this was a very large high school and a bunch of accounts never signed in. All you had to do was log in with a blank password and it would prompt you to select one on login. Any funny business on the network was done on a burner account. It was all just fun and games, but never did get caught. Although, one of my teachers did say the network admin sent out an email to all my teachers, telling them not to let me touch their computer. No matter. It would be foolish to login from a location that has a record of you physically being there.

Used to do it on Windows 95/98 at my school with Cain and Abel.

You could save the *.pwl files to a floppy, take them home, and crack them in a few minutes. All you needed was a PC that a teacher had logged into recently.

In high school a teacher in the computer lab tossed a piece of note paper in the garbage, a fellow student saw it, fished it out and brought it to me because I would be interested in having an admin password I guess. It was indeed the admin password for the QNX machines we used.

Life was so simple in the 80's.

This exact thing happened to me, except I accessed a network drive linking to some juicy information. The school expelled me and the state went after me. I ended up getting a misdemeanor expunged!

I did this in college to hack the digital sign on the Purnell Center at CMU. Did not get expelled. Also good times.

That's fascinating. Would you mind sharing the full story?

I was also expelled for basically doing the exact same thing. Exploiting cached domain admin passwords for Novell via a local SAM file. NTLM hashing does something incredibly dumb for legacy purposes by splitting passwords longer than 7 letters into multiple hashes for the first 7 letters and the second 7 letters. We got caught because a kid left a flash drive with teachers' passwords in a computer lab and when the teacher tried to find out who the drive belonged to, he found that kid's homework and his own password. There's some news stories that came from it:





What ended up happening to you after you got expelled?


Offtopic. Many teams use mailing lists. That UX always scared me. Does anybody know good tutorials on how to get started using this kind of interface?

This is a common refrain, mailing lists do need a lot of instructions at the bottom to make sense — email wasn't made for groups. It's like 'group' SMS, your phone might provide you with a single chat window with all your friends, but what it really is doing is just sending a separate SMS to every one of the recipients.

So you need 'the manual' attached to every message to make sure people get it right. Looks downright scary sometimes though, especially the prospect of getting swiped at by UNIX greybeards if you do it wrong.

Incidentally, I'm working on a modern version of this whole page in a Reddit-like interface. (https://aether.app) It doesn't solve all of the pains of listserv, but it does help with most, including this one you mentioned.

> It's like 'group' SMS, your phone might provide you with a single chat window with all your friends, but what it really is doing is just sending a separate SMS to every one of the recipients.

Most modern phones use MMS Group messaging for groups larger than two. It's more efficient and flexible than SMS.

> email wasn't made for groups

I've always wondered why people didn't use newsgroups instead of mailing lists.

It's likely a combination of bad UX, complex set-up, flaky delivery and having no great interface to manage the groups, memberships, unsubscribes. At least that's the parts we're trying to fix.

Google Groups (kinda) solves this problem. On the viewing side, the app is pretty decent, and then you can still receive / reply through email if desired.

A good example group - https://groups.google.com/forum/#!forum/tiddlywikidev

I wish Apache projects would move more towards something like this.

Google groups is freaking awful!

It actually was decent in the beginning but with each change google broke more features and made the UI far less usable. Not to mention, you force anyone you want in your group to create a google account.

"Any sufficiently complicated group communication system contains an ad-hoc, informally-specified, bug-ridden, slow implementation of half of Usenet."

I wish. Over Microsoft Teams, I would take that any day of the week.

Like I said: "bug-ridden, slow" :)

uhh... including Usenet?

hmm.. Looks like the Morris Corollary won't work on this version.

> Incidentally, I'm working on a modern version of this whole page in a Reddit-like interface. (https://aether.app) It doesn't solve all of the pains of listserv, but it does help with most, including this one you mentioned.

> Try for free for 14 days


A decent email client will display these as a foldable hierarchy, sort of like HN or Reddit's posting interface, just with the body of the posts hidden. With that and full text search it's not so hard. It's the web interfaces that are a bit bulky.

A lot of them will use an algorithm similar to this one https://www.jwz.org/doc/threading.html

Great read! Just noting that the website redirects you to an obscene (but funny) image if this site is the Referer. Disable Referer before clicking or copy the link into the toolbar manually.

Incidentally, forgetting I had inverted colors for nighttime reading, to me the image looked like a fuzzy peach colored microphone or something similar. Took me a while to figure out how it was obscene! :)

Somebody got very salty at the brogrammers over here...

Haha, I completely forgot about that, sorry.

For the most part, you wouldn't use the web interface, which exists mostly for archival/search-engine purposes. You use a plain email program, and get used to hitting "reply all" instead of "reply" (this will have it be "To:" the person you're replying to, and will "Cc:" the mailing list address), you send a regular email to the mailing list address when you want to start a new thread. A halfway decent email program will thread the replies, like HN does.

As an internet old-timer, I initially thought this was a joke, but then realized that it's entirely reasonable for a whole "generation" of internet users to grow up without using mailing lists, and that indeed they may seem scary at first!

I'd recommend finding a mailing list conversation about a topic you know and then hitting all the buttons (there are only a few). You should be able to figure out the links from context.

Many email applications can be set to a threaded view to be able to see who replied what to which message: https://support.mozilla.org/en-US/kb/message-threading-thund...

You can use Google Groups as either a mailing list or via the web. It's pretty handy and easy to administer if you don't mind outsourcing that to Google.

Each reply has its own page, just click next/prev to follow the thread (or jump using the tree at the bottom)

The interface is email. You know how to use your email client, right?

Ken Thompson is a top poster. Busted.

He’s probably a bit peeved he has to use a new password. ;)

I'm shocked at how well the old hashing stood up; sure, it's totally crackable today, but a well-picked password still took 4+ days to crack on modern hardware, which is remarkable. (Granted, it doesn't sound like they did anything fancy like throwing a hundred cloud instances at it or something; I'm not saying you should use DES today:) )

30 years ago I cracked everyone’s Unix password on an old Sun computer.

It didn’t take long because everyone had a password that was in the dictionary.

Needless to say, people were not happy with the messenger.

Inherited a system at current (for a few more weeks) employer (recently written so no excuse) that had used a weak hash for the password, I pointed out to my boss how bad it was and that it shouldn't have happened, he didn't pay a great deal of attention.

So I threw the OpenMP variant of John the Ripper at it (I'd just built an 8C/16T Ryzen machine and was curious) it broke ~80% of the passwords in under an hour and all of them over an afternoon of not being in use.

Went to see the boss and gave him the list of passwords including his (which was one of the weaker ones) - he gave me the time to fix it and some other glaring security issues.

The more things change the more they stay the same.

I know enough about security to know that I really don't know about security.

Reminds me of a security issue we had on our linux servers at a former employer. Short of it is, one could run any command as another non-root user without having sudo access or knowing the user's password. rsh access was inadvertently left wide open on thousands of servers.

A coworker and I stumbled into this one morning when I was helping him figure out how to remotely invoke a linux command from a windows gui. I don't recall why we were using rsh as we'd normally ssh into our servers. As we sat there trying to figure out how to enter the password, we decided to just try and run the command w/o a password. We were shocked when it just worked - we were never prompted for a password. When I reported this to my director, he asked me how bad it was. I was like, watch this: I sent an email as the CEO to him saying "you're fired.". He immediately went to our infrastructure team to get it fixed. Fun times...

> I know enough about security to know that I really don't know about security.

I'm not sure anyone ever gets past this point. There's way too much for any person to know and not enough hours in a day or days in a year or years in a lifetime to master everything. Even when it comes to computers in general at some level it just becomes magic to me. I might be able to point to a chip and say "that's the sound chip" or "that's a math co-processor", and even write software for it, but I have no idea what goes on inside and I wouldn't know where to even start trying to build one from scratch.

That’s my feeling as well, I try to follow best practices at the level I work at and hope everyone on the levels below me did the same.

Had I done this to any of my bosses I'd have been fired

That's funny - I was going to post that I was first exposed to this thirty years ago when my password was cracked on an old Sun computer! I didn't complain, it was a wake up call. (You weren't at OUCS were you?)

Ah, I remember doing that. Not quite 30 years ago, but jeez, getting close. Funny, it helped me remember some of the professors' wives' names, and for some reason I can remember the husband-hunting Italian lady's password (amici) while I've forgotten both her name, her thesis project and everything else about her.

It was actually decently well received by the department head; he sent out a memo to the staff to not use their wives' names for emails and looked like an early computer security innovator in the physics department.

30 years ago you could just sniff the passwords on the local subnet because everyone was using telnet and ftp in the clear.

20 years ago you could also sniff passwords for all Windows users in the same subnet as you. Windows used the NTLM scheme which was known to be weak even back then. An AMD K6 running overnight cracked almost all of them at my university's lab, including the Active Directory domain admin.

An NT hash can be used as a credential all by itself, no need to crack those ;)

You can't really blame them... it was called a pass "word".

I got myself and my best friend in high school fired from a fairly good gig because I cracked some dumb passwords and a CEO took it the wrong way. I still don't think he fully forgave me for it.

No good deed goes unpunished.

More specifically, pointing out someone else's stupidity is rarely welcome.

I had both experiences in high school. One situation -> bad result. The other I was made a quasi IT fixer - they put me to work (Novell NetWare and other stuff). I would be called out of class to fix things. Since I was naturally super interested in how everything worked together and all the features and the librarians or VP or teachers were not, it worked out. At the time I took it reasonably seriously.

In hindsight some teacher must have spoken up for me to come up with the solution when they were trying to come up with an appropriate response.

Novell Netware - blast from the past.

I had to go apologise to IT (who could barely keep a straight face) at college for sending a message from 'God' saying "I saw what you did last night and it disgusted me".

I thought it was going to just the lab but since I was poking around in something I really didn't understand I managed to send it out site wide.

Fortunately they saw the funny side.

I sent more than one message from God by telnet to <mail server> 25. Good times!

Around the same time, someone at my school made a much, much worse semi-accidental prank. Semi-accidental because he didn't think it would work. See, the campus list serve was set up to only allow certain senders to send messages. Makes sense, only a few top administrators should be able to do that. This person theorized that a simple <smtp: from> hack, using an authorized person's email, might circumvent the restriction. He was right! Unfortunately, rather than "test 1 2 3" or something, he sent a message, from the president, that all classes had been cancelled. Had he stopped there, maybe it would have been chalked up to a prank. But he went further: The president would be using this free time to, um, entertain amorous visitors at their leisure. So, yeah, expelled. His excuse, when interviewed by the student newspaper, was "I didn't think it would work."

I send unauthenticated email on port 25, every semester, in front of my students, as part of a discussion on internet application protocols. I can't use "God", because the addresses are validated, but I do send "from" the school's IT director. I even give them the commands to do it themselves (along with a strict talking to about how it's not truly anonymous because their network access is authenticated).

I've been able to do it at every university I've studied or worked at.

Many, many years ago when I was in college at the University of Rochester, I found a paper in the computing lab with the root passwords for about twelve machines at Stanford. I emailed them and told them I'd destroyed it but that they should be much more careful. I got yelled at.

Just curious, did you get yelled at because you destroyed the only copy of their password memory aid? ;)

If they were keeping their only copy at an unrelated University thousands of miles away, they had more problems than I thought ;)

I'm actually not sure anymore what the details of their return email was, as it was over 25 years ago. But it was basically, "We will report you to law enforcement if you contact us again."

They must've been really embarrassed to send that kind of response.

This must have been a popular pastime in the 90s as I did the same thing for my university's security on their new, centralized student accounts server. This effort was further aided by there being a predictable salt used for the password hashes that indicated which passwords were still set to the (again, predictable) default pattern. They were kind not to kick me out and not fire me as I was both a student and part time employee in their networking services department.

25 years ago I didn't need to crack anyone's unix passwords- they were all broadcasting them in cleartext every few minutes because they were using eudora or some other mail client, and I had converted an old sun workstation I found into a packet sniffer.

I remember in middle school using "arena" as a password.

"No one will ever guess this!"

At my middle school the default password for all accounts was "linux". The school was Windows (Win2k) only ;) (it was around 2006/2007). I had access to a dozen teacher accounts from older ones who never used a computer.

Actually that was the first time that I heard the word Linux and learned the meaning just a few years later.

> I'm shocked at how well the old hashing stood up; sure, it's totally crackable today, but a well-picked password still took 4+ days to crack on modern hardware, which is remarkable

It's not because the hash is strong, but the password itself is strong (if the attackers don't know additional information about chess). The sole purpose of using a strong <del>hash or a</del> KDF on password is making low-entropy passphrase harder to crack by increasing the cost of every round, especially for cryptographic purposes. But if the passphrase is already strong (6 random words from the Diceware wordlist), you can use MD5, and I won't be surprised if it takes one year to crack. Having 10 random words is guaranteed to be uncrackable under all circumstances, because it's literally a 128-bit key.

If your password has 80 bits of entropy, it makes even listing all possible passwords (without any hashing or encryption) a difficult job. Symmetric encryption works in a similar way, it's secure not because of the computational resources it takes, but the number of possible keys it has.

What is the moral of the story? Consider using a password manager!

> But if the passphrase is already strong (6 random words from the Diceware wordlist), you can use MD5...

Is this actually true? Note that you don't need the actual password, just a hash collision.

MD5 is vulnerable to collision attacks, which allows the attacker to control both messages, m and m', and find a case where h(m) == h(m').

But if a hash, h(m), is given, finding m' where h(m) == h(m') is much more difficult, it's known as a second-preimage attack. "Image" basically means "output", "preimage" means "input", "second-preimage attack" means "find another input that has the same output already given here".

Wikipedia says a preimage attack against full MD5 still requires 2^123.4 steps (2009), only a theoretical possibility. Second-preimage should be much harder.

I don't know if there are improvements, but it's still extremely difficult. Well, of course it's not to say that you should use MD5.

A second-preimage attack is where you want to find m' where h(m) == h(m')... and you know m already. This is not very useful for password hashing; it would give you a second password that would also work to log into the account, but what's the point of that if you already know the first password? The relevant attack for password hashing is a regular preimage attack, where you don't know m (and it would be acceptable to find either m itself or any other string that hashes to the same value).

You don't need to know m, just h(m) which is commonly found in database breaches

That's just a "pre-image attack". A "second pre-image attack" is a different scenario, not relevant to password-hashing for the reasons grandparent described, where you already know a pre-image, and must find a different one.

It doesn't seem like it should be obviously true to me. If the hash algorithm was rot13 it would be pretty easy to determine the password from the hash regardless of the strength of the password

Yep, you need both the input and hash to be strong.

A weak hash reveals information about its input, narrowing the search space. In the example case of md5 or rot13, you can use this to compute collisions for a given hash.

Also, a hash that is lightning-quick to compute is faster to brute force. That's why bcrypt has a tunable "cost" factor - to make the hashing take longer and make guessing the password slower.

I used ambiguous language, "strong hash".

I should've used "strong KDF" rather than "strong hash", a hash can be strong for other purposes, but makes a poor KDF for hashing passwords, such as single-round SHA-256.

In the ideal world, if your password is a random word with 128-bit entropy, no strong KDF is needed, there's no need for PBKDF2, bcrypt, or Argon2, a single round of SHA-256 is sufficient.

> In the example case of md5 or rot13

MD5 still has strong preimage/second-preimage resistance, unlike ROT-13.

But nobody uses random 128-bit strings as passwords, here's where key stretching and the cost factor come into play.

You could argue that ROT13 accidentally has second-preimage resistance because given m, you won't be able to find n≠m where ROT13(n)=ROT13(m). :-)

Some quick (and uninformed) mental maths makes this ~22 random alphanumeric characters:

26 (a-z) + 26 (A-Z) + 10 (0-9) = 62 characters, which can be represented with (just under) 6 bits of information (2^6 = 64). And 128/6 < 132/6 = 22.

I'd guess quite a few people who use password managers use passwords of this length...

Can ROT-13 really be called a hash though? It's literally an ancient cipher.

By the plain* meaning of "hash", it can't, it's a symmetric cipher.

* Where "plain" excludes a technical or mathematical definition that might include e.g. troll_hash(x) { return 9; }

All ciphers are also hashes.

Using chaining, encipherment of the last block is also a hash of the whole input.

Secure hashes are optimized for different characteristics than typical ciphers, but with enough headroom and time each can fill in for the other.

Of course some are not very good, for either use.

Rot13 is not a hashing algorithm. A hashing algorithm is a one-way function where many entities in the input domain map to the same entity in the output codomain. This means if you have the hash you can't determine the input without making a guess.

Rot13 is a function with a one to one mapping between the domain and codomain. If you have the output you can apply a function to get the input.

Not sure why the downvotes. Comradesmith's assessment of rot13 is absolutely correct. Clearly rot13 is more like PGP, in that you can recover the plain text from cypher text.

But you don't care about finding the original password. You only care about finding a string that after applying the hash function, gives the same output.

That's why you can have a hash function like h(x) = 0, whose value gives you no information about x, and still not be able to use it.

Really it's because of a mixture of the two. The traditional DES-based crypt is basically a really early KDF - it was intentionally designed to be slow in order to thwart brute-forcing attacks. (Of course, since it was based on the speed of late-70s computers and had a limited password length, it's pretty feasible to brute force with modern hardware.)

MD5 wouldn't be invented for another decade or two...

And "Good news — no pwnage found!" On Troy Hunt's https://haveibeenpwned.com/Passwords

Which shows that it is fairly strongly "unique", since no-one else has used it and been pwned (or he hasn't reused it and been pwned).

I hope this site is not fishing for passwords ...

It's quite trustworthy. It's run by Troy Hunt (known security researcher) and: "When you search Pwned Passwords The Pwned Passwords feature searches previous data breaches for the presence of a user-provided password. The password is hashed client-side with the SHA-1 algorithm then only the first 5 characters of the hash are sent to HIBP per the Cloudflare k-anonymity implementation. HIBP never receives the original password nor enough information to discover what the original password was." from https://haveibeenpwned.com/Privacy

My only concern with the site is some privacy implications. I entered a friend's email just to check for him and it wasn't validated at all, and I found out a few sites he had accounts with. Nothing too concerning was revealed, but privacy for its own sake is a valid goal IMO.

As far as I know hibp specifically hides sensitive breaches (such as the Ashley Madison one) to non-verified access. Also, he basically only shows public data; your privacy was already gone back when the original company failed to secure their servers.

Understood, it's a small complaint, the data is already out there on the web and it's not his fault. But there is value in aggregation or the site wouldn't exist. It makes it easier to just put a few emails in there and see what shows up for fun or malice.

It's great that sensitive breaches are apparently hidden but I'd be wary of judging for other people what is sensitive. Some like Ashley Madison are obvious, others less so.

Are you gonna fire Troy?

Yes, of course.

Actually, I don't understand your comment.

I'm just alluding to the people that got fired and expelled for involving themselves with "passwords" in the comments above.

If you have JavaScript enabled, the cleartext password is hashed in the browser and the hash is truncated, and a list based on the truncated hash is retrieved to be checked against - the only information leaked is that you searched for one password amongst many. Read Troy's articles about how fishing is protected against - I have written the above from memory.

You can download all the hash files if you wish to run purely locally.

Also the site hosting Troy's list is Cloudflare. Cloudflare act as a https proxy for a large number of sites, so they already have access to a large number of passwords.
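The k-anonymity lookup described in the comments above, as an added example that is not part of the thread and not HIBP's own code. The `SUFFIX:COUNT` line format follows the public Pwned Passwords range API; the server class, the decoy rows and the breach counts are constructed so the block runs offline.

```python
"""Client side of a k-anonymity password check, with a constructed range server."""
import hashlib


def split_sha1(password):
    """Return (first 5 hex chars, remaining 35) of the upper-case SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """Look up a password while revealing only its 5-character hash prefix.

    fetch_range is any callable taking the prefix and returning the response
    body; in production it would be an HTTPS GET against the range endpoint.
    """
    prefix, suffix = split_sha1(password)
    # The match against the full hash happens locally, never on the server.
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


class ConstructedRangeServer:
    """Offline stand-in for the range endpoint (constructed data, not real counts)."""

    def __init__(self, breached):
        self._by_prefix = {}
        for password, count in breached.items():
            prefix, suffix = split_sha1(password)
            self._by_prefix.setdefault(prefix, {})[suffix] = count
        self.seen = []  # everything the server ever learns about a query

    def fetch(self, prefix):
        self.seen.append(prefix)
        rows = dict(self._by_prefix.get(prefix, {}))
        # Decoy rows: other hashes sharing the prefix, so the caller's
        # password is one candidate among several.
        for i in range(3):
            rows.setdefault(split_sha1(f"decoy-{prefix}-{i}")[1], 1 + i)
        return "\r\n".join(f"{s}:{c}" for s, c in sorted(rows.items()))


if __name__ == "__main__":
    server = ConstructedRangeServer({"north": 12345})  # constructed count
    for candidate in ("north", "a much longer random passphrase"):
        print(candidate, "->", pwned_count(candidate, server.fetch))
    print("server saw only:", server.seen)
```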

Yes - the 4 days is cool... you’d hope if somewhere had been hacked with your pass you would be notified within that timeframe

Would this suggest that 3DES with a sufficiently long password is still safe for now?

This suggests you don't understand how DES-based crypt() worked, so let's take both angles here:

1. Would it be safe to build a password hash like crypt() based on 3DES today?

Maybe, kind of, it depends, don't do this. "Based on" is key here. You'd have to come up with some way to try to use 3DES in this fashion, just as the developers of Unix crypt() used DES. Basically you're trying to build a cryptographic hash out of a primitive that's not really intended for that purpose, you also need to add more salt than the Unix team did back then, and then you need it to run very slowly, preferably on everybody's hardware not just the generic (likely x86-64) general purpose CPU you're using. Lots of people already built _good_ ways to do password hashing in the 21st century, and if none of those are available somehow you should just use PBKDF2 with SHA256 and a nice big iteration count and that'll be tolerable.

2. Oh, I didn't realise, I just meant is 3DES fine for encryption?

You should not do this. The main thing wrong with DES is the key size is too small, which 3DES fixes (effective key size with full 3DES is 112 bits, which is very short today but probably not the biggest hole in whatever security system you're building). But the next biggest thing wrong with it is that it's a block cipher with a small block size, 64-bits. 64-bits is small enough that bad guys may be able to collide your blocks and set fire to everything. To avoid this: Don't use 64-bit block ciphers, go get a real cipher like AES that uses 128-bit blocks. Done. Why are you still here? Could it be secure if you can defuse the collision risk (e.g. you only encipher very small amounts of data)? Sure, but now you're defining the problem to make the choice of primitive look safe, which is always a terrible idea.
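The fallback recommended in the comment above (PBKDF2 with SHA-256, a per-password salt and a large iteration count), as an added example that is not code from the thread. The record layout, the 16-byte salt and the iteration count of 600,000 are assumptions chosen for the example.

```python
"""Salted PBKDF2-HMAC-SHA256 password records with an upgradable work factor."""
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # assumption: current policy value for this example
SALT_BYTES = 16        # 128-bit salt, versus the 12 bits of classic crypt()


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${derived.hex()}"


def _parse(record):
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != ALGORITHM or int(iterations) < 1:
        raise ValueError("unsupported record")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(password, record):
    """Recompute with the record's own salt and cost; compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(derived, expected)


def needs_rehash(record):
    """True when the record was made with a lower cost than current policy,
    so it can be re-hashed at the next successful login."""
    try:
        iterations, _, _ = _parse(record)
    except ValueError:
        return True
    return iterations < ITERATIONS


if __name__ == "__main__":
    record = hash_password("north")
    print(record)
    print(verify_password("north", record), verify_password("south", record))
```

Because the whole password feeds the KDF, two passwords sharing their first 8 characters produce unrelated records, unlike the truncating DES-based scheme discussed in this thread.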

Thanks for the great answer. I am not familiar with DES but the reason I wondered about this is because I saw that some VPN hardware devices still have 3DES as an option and even as the default encryption algorithm. I was really baffled by this because I had assumed that 3DES has completely fallen out of favor. So I guess the company isn't choosing sensible defaults. But at the time, I thought maybe they knew something I didn't (although I still switched the algorithm to AES since there's no reason not to).

Doubt it. It took 4 days for just one top of the line GPU. Any dedicated attacker will have farms to parallelize it even further. It’s not exactly linear, but with just 4 GPUs (~$4000; well within the reach of any dedicated attacker), that’s one day. Not to mention the fact that GPUs have still been roughly following Moore’s Law in terms of performance.

It’s probably safe from the casual attacker who just downloads a password list and runs a one word dictionary attack, but for a dedicated attacker, let alone a nation state, it’s not secure.

TL;DR: Just use AES. Even an ASIC isn’t powerful enough for that. Searching the entire key space would take more energy than the universe has. Compare that to DES that can have its entire key space searched in a few days.[0]

Edit: you said triple DES, not single. My point still stands. DES, even 3DES, is not secure. If I can crack a DES password in 4 days, I can crack a 3DES password in 12. AES with a strong password is virtually uncrackable.

[0]: https://en.wikipedia.org/wiki/EFF_DES_cracker

> If I can crack a DES password in 4 days, I can crack a 3DES password in 12

It's multiplicative, not additive. 3DES is about 2^56 times as difficult to crack as DES. (Not 2^112 times because there is an attack that effectively limits it to twice the effective bits of DES, rather than the three times you might expect at first).

> there is an attack that effectively limits it to twice the effective bits of DES

* Meet-in-the-Middle attack.


This attack is surprisingly simple, if you encrypt the message twice by

    ciphertext = encrypt(encrypt(message, key1), key2)

    decrypt(ciphertext, key2) == encrypt(message, key1)

An important security property all symmetric ciphers should offer is immunity to chosen-plaintext attack, if the attacker controls "message", it shouldn't make the cipher easier to crack.

But in this case, the attacker can obtain all the 2^56 possible encryptions of message by enumerating key1, put it in a lookup table (assume the table-lookup time is O(1)), then we can try all possible decryptions of ciphertext by enumerating key2. Then compare it with the lookup-table for a match, bingo!

If key is 56-bit, the attacker gets 2^56 outputs for the left side, 2^56 outputs for the right side, total number of operations is 2 x 2^56 == 2^57, not 2^112.

To increase the security claim to 2^112, we need triple encryption, not double encryption, thus 2DES is never used.

The idea that simple double-encryption doesn't work because of such a simple attack shocked a lot of newcomers.
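The table-and-match procedure from the comment above, as an added example that is not part of the thread. The cipher is a constructed toy Feistel network with a 16-bit key (not DES) so the full search finishes in about a second; the keys and plaintexts are constructed sample values.

```python
"""Meet-in-the-middle against double encryption, on a constructed toy cipher."""
from collections import defaultdict

KEY_BITS = 16      # toy key size; DES would be 56
MASK16 = 0xFFFF
PLAINTEXTS = (0x48454C4C, 0x4F574F52, 0x4C442121)  # constructed known plaintexts


def _subkeys(key):
    # Toy key schedule: four rotations of the 16-bit key.
    return [(((key << r) | (key >> (16 - r))) & MASK16) ^ r for r in (1, 5, 9, 13)]


def _f(half, subkey):
    # Round function; a Feistel network is invertible whatever this computes.
    x = ((half ^ subkey) * 0x9E37 + 0x79B9) & MASK16
    return (x ^ (x >> 7) ^ (x << 3)) & MASK16


def encrypt(block, key):
    left, right = block >> 16, block & MASK16
    for k in _subkeys(key):
        left, right = right, left ^ _f(right, k)
    return (left << 16) | right


def decrypt(block, key):
    left, right = block >> 16, block & MASK16
    for k in reversed(_subkeys(key)):
        left, right = right ^ _f(left, k), left
    return (left << 16) | right


def double_encrypt(block, key1, key2):
    return encrypt(encrypt(block, key1), key2)


def known_pairs(key1, key2):
    """Known plaintext/ciphertext pairs an analyst would start from."""
    return [(p, double_encrypt(p, key1, key2)) for p in PLAINTEXTS]


def meet_in_the_middle(pairs):
    """Recover (key1, key2) in about 2 * 2^KEY_BITS cipher operations.

    Returns (recovered key pairs, bulk cipher operations, false matches).
    """
    (p0, c0), confirm = pairs[0], pairs[1:]
    ops = 0
    # Forward half: every possible middle value encrypt(p0, key1).
    table = defaultdict(list)
    for key1 in range(1 << KEY_BITS):
        table[encrypt(p0, key1)].append(key1)
        ops += 1
    # Backward half: decrypt(c0, key2) must land on a stored middle value.
    recovered, false_matches = [], 0
    for key2 in range(1 << KEY_BITS):
        middle = decrypt(c0, key2)
        ops += 1
        for key1 in table.get(middle, ()):
            # One pair is not enough: with a 32-bit block and 2^32 key pairs,
            # about one wrong pair matches by chance. Extra pairs weed it out.
            if all(double_encrypt(p, key1, key2) == c for p, c in confirm):
                recovered.append((key1, key2))
            else:
                false_matches += 1
    return recovered, ops, false_matches


if __name__ == "__main__":
    found, ops, false_matches = meet_in_the_middle(known_pairs(0xBEEF, 0x1337))
    print("recovered:", [(hex(a), hex(b)) for a, b in found])
    print("cipher operations:", ops, "vs naive search:", 1 << (2 * KEY_BITS))
    print("chance matches rejected by the extra pairs:", false_matches)
```

The cost that the comment leaves implicit is memory: the table holds one entry per possible key1, which is 2^16 here and would be 2^56 for DES.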

This is mostly irrelevant in the context of password hashing however. We're simply feeding passwords into a blackbox at X/s until we get a match. 3DES runs at approximately X/3 compared to DES. If it takes 4 days to feed a bajillion passwords into DES, it takes 12 days to feed the same number into 3DES.

It might be relevant, because the original asker said "with a sufficiently long password". (Implicitly: with a password longer than 8 characters that the original DES scheme would allow.)

It's more complicated than this, because there are known attacks against 3DES. It's at most 2^28 times more complex, AFAIK, but there are probably better attacks than the few I know.

Are any of these attacks relevant to password cracking?

> It's multiplicative, not additive. 3DES is about 2^56 times as difficult to crack as DES. (Not 2^112 times because there is an attack that effectively limits it to twice the effective bits of DES, rather than the three times you might expect at first).

If you’re using 3 different keys, yes, that makes sense. But if you’re just keystretching one key, wouldn’t it just take 3 times as long because you encrypt, decrypt, encrypt (3 processes)?

3DES is a little more secure than plain DES (but still worse than AES)

I had a password for an old school system (which I wrote) that was "any 21 characters where the 21st character is a 'z'". People would watch me type it (mashing 20 keys then the 'z') and be amazed I could remember a password that long.

I have a similar anecdote. I had a password that was 14 characters long, for a school system too. One day I mistyped it and it still worked. I was puzzled and discovered that it actually took only the first 8 characters into account. From that day, whenever someone was around, I typed the first 8 characters as fast as I could (pretty fast as it was something I typed in quite often) and then I continued to type random stuff like crazy for a few seconds then hit enter and loved to see people's faces when they saw it working as if what I typed actually was my exact password.

I discovered that's the way my banking app actually worked until only a few updates ago. The password was originally limited to 8 characters (why this was the case for an online bank password is beyond me) but the app would allow you to enter more characters into the password input. It only accepted the first 8 characters though so anything you entered after those was ignored. I discovered this when I mistyped my password adding an extra character at the end and hitting submit without thinking and was amazed and kind of worried to find it still worked.

I’ve had the goddamn Citibank _require_ that I use a password 6 or 7 characters long on one of their systems. This year (2019).

What system is this? I had used a 20+ character password on their website using my password manager to enter it every time. One day they said the password was wrong, which was unlikely since the password manager was entering it. I ended up doing a password reset and set it to something shorter like 15 characters, and then it worked. I don't know if they truncate or not, but they've definitely allowed much longer passwords than 6 or 7 characters. I've hit this issue with their website more than once so I know they've fixed it and re-broken it a few times in the past.

I think it was the one for showing you the pin of a corporate credit card.

Another bank I had around 3 years ago used only the 5 first characters, and these 5 first had to be numbers.

I guess anyone can just hack a password in like 1 second on a phone or something?

When I was living in Puerto Rico for work, the local credit union I was using had this same problem. Although the tooltip and messaging on the page said 8-16 chars, only the first 8 were used, and from my testing it had to be case insensitive.

I promptly updated my direct deposit with my employer and used my more secure off-island bank as the destination for the majority of my pay, and had only the minimum required to avoid fees and act as spending money put in that acct.

This was the case for Vanguard for a long time... also, it wasn't case sensitive. I'm not sure when it changed, but I think it was in the last couple years.

It's more fun when they limit you to X characters (no special characters!) while choosing the password but let you input any number of characters when logging in, and failing you when you typed too many.

Hey that's actually a neat idea! You could expand upon that system by having it only check the 2nd, 5th, 10th, Nth etc. characters.

So people could type in different gobbledegook each time between the characters that matter.

To further defeat keyloggers, shoulder snoopers etc., let each valid character be an option from a set of two or more characters.

So, if my password is: Any 8 characters, but 2nd character must be A/B/C/x/y/z, and the 6th must be !/@/# then I could type:



or any other valid combinations to get in.

How more secure would something like that* generally be compared to static passwords?

* (Of course this is a simplified example for illustration. In practice you'd use more characters/options.)

> How more secure would something like that generally be compared to static passwords?

It's not secure at all. If someone knows the rules of the system, the entropy on that is tiny, because it's basically a 2 letter password with only 6/3 options.

The only security would be from the obscurity of the attacker not knowing the password rules.
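A check of the entropy argument above, as an added example that is not part of the thread: the rule set is constructed from the 8-character illustration given earlier (2nd character from A/B/C/x/y/z, 6th from !/@/#), and all function names are assumptions. It measures how often a blind guess is accepted, compares that with ordinary passwords where every character counts, and shows a captured entry being accepted again.

```python
import math
import string
from itertools import product

ALPHABET = string.printable[:95]   # the 95 printable ASCII characters

# Constructed rule set mirroring the comment: 8 characters, the 2nd from
# A/B/C/x/y/z and the 6th from !/@/# (positions are 0-based here).
LENGTH = 8
RULES = {1: set("ABCxyz"), 5: set("!@#")}

def accepts(attempt, rules=RULES, length=LENGTH):
    """The positional check: only the ruled positions are compared."""
    return len(attempt) == length and all(attempt[i] in ok for i, ok in rules.items())

def blind_accept_probability(rules=RULES, alphabet=ALPHABET):
    """Chance that one uniformly random string is accepted, rules unknown."""
    p = 1.0
    for ok in rules.values():
        p *= len(ok & set(alphabet)) / len(alphabet)
    return p

def bits(p):
    """Guessing work in bits for a per-guess success probability p."""
    return -math.log2(p)

def exact_password_bits(n, alphabet=ALPHABET):
    """Same measure for an ordinary password where all n characters count."""
    return n * math.log2(len(alphabet))

def count_accepted_by_enumeration(rules=RULES, alphabet=ALPHABET):
    """Cross-check: enumerate every value of the ruled positions only."""
    positions = sorted(rules)
    filler = ["a"] * LENGTH
    hits = 0
    for combo in product(alphabet, repeat=len(positions)):
        for pos, ch in zip(positions, combo):
            filler[pos] = ch
        hits += accepts("".join(filler), rules)
    return hits

if __name__ == "__main__":
    p = blind_accept_probability()
    print(f"positional scheme: p={p:.6f}  ({bits(p):.2f} bits)")
    print(f"exact 2-char password: {exact_password_bits(2):.2f} bits")
    print(f"exact 8-char password: {exact_password_bits(8):.2f} bits")
    logged = "kA9qw!zz"            # constructed entry a keylogger might capture
    print("replay of logged entry accepted:", accepts(logged))
```

Even with the rules kept secret, the constructed scheme gives a blind guesser better odds than an ordinary 2-character password does, because every unchecked position accepts anything.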

> because it's basically a 2 letter password with only 6/3 options.

That was obviously an oversimplified example to explain the rules.

In practice you could make it as obscure as you want, while keeping it easy for you to remember.

Like the sentences I just typed here. No limit on the number of characters. I could enter different long sentences each time, as long as the characters at specific positions match certain sets.

There is no way that "use a (proper) subset of the characters for bits of entropy" is going to beat "use all the characters for bits of entropy". Almost by definition, the second is going to have more entropy.

You're not getting anywhere, because people trying to guess your password don't have to guess your scheme. All you're doing is making it easier for them. There is no sense in which you are making it harder.

In the optimum case, you'd require them to get the right characters in the slots you're counting, but to not use the wrong characters in the slots you're not counting, thus demonstrating that they actually know the scheme in question and aren't just getting lucky. There would be exactly one character you'd accept in the slot you're counting, and there would be exactly one character they could use to indicate they understand your pattern in the slots you're not counting. This maximizes the chance they have proved to be in possession of your password, rather than just getting lucky because you didn't count their misses. This is, of course, simply using a password normally.

That's just the same thing as a password, though. Even a short password is still just ensuring that specific characters are in specific positions. The only situation where this would be useful is against people with physical or viewable access to the password being typed.

> In practice you could make it as obscure as you want,

If only that made it as secure as you want.


And they would almost certainly know the password rules, because anyone making an account would have to be told the rules in order to understand what was happening.

Unless the rules were unique and hidden for each user!

    User1: 1,3,7,10,12,15
    User2: 2,3,5,8,10,13
I think we’re on to something big.

It's complicated enough for people to remember 8 character long passwords, good luck with an additional level of complexity.

Each user could provide their own rules.

If I had a key logger on your system, I'd just try;

Bam. Access granted.

If you had a keylogger, it wouldn't really matter how good your authentication scheme is…

Keyloggers aren’t very useful when authentication uses TOTPs from a hardware token.

TOTPs from hardware tokens aren't very useful if the system doesn't support TOTP as an auth backend.

But if each of those is a valid password, how does it defeat keyloggers or shoulder snoopers in any way? They just have to type in the same password.

Now, if the rules were totally secret, you could make it such that each time you used a password, it was no longer valid. That would defeat the keylogger, while still allowing you to remember your 3 special characters. But of course you can't ever assume your rules are secret (security by obscurity and all that).

> You could expand upon that system by having it only check the 2nd, 5th, 10th, Nth etc. characters

A bank I use does something like this. On account creation you give it a long key string and on subsequent log-in it asks for three different characters (e.g. the 4th, 3rd and 9th characters) from the string.

You can "impress" people this way still, just by surreptitiously typing Ctrl-u to clear what you've typed so far.

I'm guilty of that. I tend to mistype my passwords a lot, since I try to keep them pretty complicated, but since I usually realize quickly enough to imperceptibly hit Ctrl-U and retype in a smooth motion, I just let onlookers believe that my password is very, very long.

Your password is "the21stcharacterisa'z"

Such a funny idea. I would have loved to see people’s faces when you typed it in.

>Since the DES-based crypt(3) algorithm used for these hashes is well known to be weak (and limited to at most 8 letters)


How is that 8 letters?

The part before : is the hash, the part after is the cracked 8 character password.

Honestly, that confused me too. I really thought the whole password was that long.

Same here, thought it strange they could brute-force such a long password! Even with MD5.

Lol I’m familiar with chess notation but was so confused by this that I was googling to see what chess move uses a “Z” :(

Ditto. I was like, I get the pawn moving from Queen 2 to Queen 4, but what’s that stuff before the colon?

Thank you for explaining this.

still 13 characters...

edit: LOL, I guess I'm a little dumb today

"p/q2-q4!" is the password, "ZghOT0eRm4U9s" is the password's hash. "p/q2-q4!" is 8 characters.

Very easy to type as well

The password is p/q2-q4! which is 8 characters.


That is the password. 8 characters.


If anyone is curious, the equivalent in modern notation is “1. d4!”. Moving the pawn in front of the queen forward by two spaces. The exclamation point indicates that the annotator believes it to be a particularly strong move (describing a standard move from opening theory that way is a bit tongue-in-cheek).

Yes. The smugness in the exclamation mark is quite funny in a way that keeps me grinning for way too long. It's a bit like a three-year-old declaring "I've got shoes on!"

Yes, "1. d4!" and "1. e4!" are a sort of Grandmaster joke in chess, showing their strong preference for one of the classic competing openings.

What does the p/ part mean? My chess experience is all after the popularity of descriptive notation...


p : pawn

/ : at

q2 : queen's file, rank 2

- : moves to

q4 : queen's file, rank 4

! : good move!

Oh hmm, I didn't realize the notation was so unnecessarily verbose :) Of course it's a pawn moving from q2 to q2, that's the only thing there at the beginning of the game!

Actually in descriptive notation the move would have been:

Ken padded this out to 8 characters.

That makes way more sense!


Right after finishing Electronics vocational school I spent the next year working as an intern at Unicamp (Campinas University in Brazil). The job was at the computer lab of the School of Electrical and Computer Engineering[1]. This was before ethernet (yeah, I'm that old), so dumb terminals were linked to the CPUs through RS-232 cables - when I was not burning my fingertips soldering DB-25 connectors I was tinkering with every computer I could get my hands on.

I saw /etc/passwd and asked my boss how to decrypt the passwords. He told me it was a one-way encryption, so the login program would just encrypt the password you provided and compare to the encrypted value. He went on explaining the old crypt algorithm and even made a bet I could not guess his password. He said it was related to a movie.

So at 17 I was hooked and started studying the sources. In the end I just patched and recompiled the passwd binary to store clean text passwords in a hidden file. Later I learned this was called a trojan horse.

And even now, 30 years later, I remember his face when I told him the movie was Citizen Kane and his password was "rosebud".

Thank you Miguel and Gorgonio for teaching me about C and Unix! This knowledge paid my rent for 3 decades and I still love the job.

[1] http://www.internationaloffice.unicamp.br/english/teaching/g...

[2] https://en.wikipedia.org/wiki/RS-232

One lone password from the original list, Bill Joy's password, is still uncracked as far as I can tell. Bill Joy is the co-founder of Sun Microsystems, author of vi, and a key developer of BSD UNIX. He apparently picked the best password.

Here's the /etc/passwd entry:

  bill:.2xvLVqGHJm8M:8:10:& Joy,4156424948:/usr/bill:/bin/csh

It's now been cracked - and now we know why it took so long:


I already checked all passwords made of any printable character up to 7 symbols length. Full 8-symbol bruteforce will take about 120 days on my hardware, so I prioritized passwords with no special symbols first.

Does anyone with hashcat and GPGPU want to join me?

Preimage found and about to be disclosed: https://inbox.vuxu.org/tuhs/90ffe509-76b5-6629-c55a-7785815f...

And yes, again it is related to chess.
