back to article Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

Back in 2014, developer Leah Neukirchen found an /etc/passwd file among a file dump from the BSD 3 source tree that included the passwords used by various computer science pioneers, including Dennis Ritchie, Ken Thompson, Brian Kernighan, Steve Bourne, and Bill Joy. As she explained in a blog post on Wednesday, she decided at …

  1. PeterO

    I had the opportunity to spend a few minutes with Ken Thompson when he visited The National Museum of Computing a few weeks ago :-)

    https://twitter.com/tnmoc/status/1173244229138681861

  2. Cronus

    As I understand it an eight character password would have been hashed in a much less secure method back then than now. Modern passwords are hashed in such a way as to take a long time to compute in order to resist brute-force attacks.

    1. vgrig_us

      Yep. Default on Linux (centos at least) is sha256 I think. Before that - it was salted md5...

    2. Fruit and Nutcase Silver badge
      Coat

      buggerme

      1. Ken 16 Silver badge
        Trollface

        That meets the length requirement but you should probably mix the case and add some special characters.

        1. Fruit and Nutcase Silver badge
          1. phuzz Silver badge
            Devil

            Several of my passwords over the years have contained swearing. It's quite cathartic to tell a machine 0hFuck0ff! or similar.

            (Not my actual password)

            1. ISP

              I've always found Rogers Profanisaurus a useful source of passwords.

              1. Anonymous Coward
                Anonymous Coward

                Bollocks.

                1. Fruit and Nutcase Silver badge
                  Joke

                  B0lloxsT0Brex1t

                  The ultra secret, no one will ever guess password probably used by Nigel Farage

            2. Anonymous Coward
              Anonymous Coward

              When I worked as a BOFH, I ran L0phtcrack against our system. Within seconds it found one user's password was "fuckoff". He was quite apologetic when I emailed it to him.

              1. Anonymous Coward
                Anonymous Coward

                re: He was quite apologetic when I emailed it to him.

                Really? I'd have told you to do my password then gone over your head to find out why you were fuckarsing around cracking passwords instead of doing some work....

                1. Waseem Alkurdi

                  Re: re: He was quite apologetic when I emailed it to him.

                  Standard penetration testing procedures. Part of the job.

                  1. This post has been deleted by its author

                    1. vulture65537

                      Re: penetration testing --really?

                      "early Solaris" meaning as far as part of the Solaris 9 series - really quite recent

                    2. stiine Silver badge
                      Facepalm

                      Re: penetration testing --really?

                      until about 6 years ago (or more, i don't remember), hotmail.com passwords were truncated at 15 characters before being passed to the back end, and 6 years ago (or whenever it was) they changed their login page to stop truncating the password before submitting it. this meant that my 16 character password that I had been using suddenly stopped working. I was able to log in by simply pasting my password and hitting backspace.

                2. Jimmy2Cows Silver badge

                  Re: doing some work

                  Bit harsh. Talk about a master of sweeping statements! How do you know that wasn't OP's work?

                3. heyrick Silver badge

                  Re: re: He was quite apologetic when I emailed it to him.

                  "why you were fuckarsing around"

                  Funny. I would have thought The Big Boss, The Bean Counters, and the BOFH were the three groups that you never tango with.

                4. Anonymous Coward
                  Anonymous Coward

                  Re: re: He was quite apologetic when I emailed it to him.

                  This is why you'd wind up in the tape vault. Or pushed down an elevator shaft. Or any of the other BOFH ways of eliminating problems.

                5. The Oncoming Scorn Silver badge
                  Pint

                  Re: re: He was quite apologetic when I emailed it to him.

                  SOP for a BOFH IMO.

                6. FIA Silver badge

                  Re: re: He was quite apologetic when I emailed it to him.

                  Really? I'd have told you to do my password then gone over your head to find out why you were fuckarsing around cracking passwords instead of doing some work....

                  Really? I always thought a good sysadmin should do exactly that?

                  Get rid of all the silly requirements that don't actually make passwords harder to guess, and just run a constant crack against everyones password. When found, force a password change on the account, send the user an email explaining why.

                  The people with good passwords don't get bothered, the people with poor ones will hopefully soon learn.

                  Much better than 'change your password every 3 seconds' that seems so popular.

              2. Anonymous Coward
                Anonymous Coward

                I'd have changed it for him, to something appropriate.

                1. imanidiot Silver badge

                  New password: fuckoffyourselfyougit!

            3. Anonymous Coward
              Anonymous Coward

              cathartic

              Sweary passwords are ok until you're logging in to a machine with a big screen monitor in front of an audience, and you type your password into the username field.... fortunately I realised at 4 innocuous enough characters in... but I've been a bit more careful since. I don't know why there isn't an option to blob out usernames.

              1. veti Silver badge

                Re: cathartic

                If you got 4 characters in before it became offensive, it can't have been *that* sweary...

            4. Tikimon
              Thumb Up

              Why only English?

              "Several of my passwords over the years have contained swearing"

              ALL of mine do. However, they're foreign cuss words (and nothing easy like scheisse) from several languages. I also include idiosyncratic spelling for certain words. So much for dictionary attacks, it'll have to be random-character and grind grind grind.

              1. Glen 1

                Re: Why only English?

                Bonus points for non ASCII, triple word score for Unicode

                1. werdsmith Silver badge

                  Re: Why only English?

                  For some applications, I've given up with the password and just go round the the forgotten password procedure every time I need to use it.

      2. Solarflare

        Eh, at least buy me a coffee first?

    3. rcxb Silver badge

      The Reg statement is correct...

      Modern, salted passwords prevent the use of rainbow tables, but those weren't used here. It was brute-forced.

      Modern hash algs use more CPU time, but only by a factor of 3X or so.

      Meanwhile, each character added to lengthen your password *exponentially* increases the time needed to brute-force it, as long as it is actually a random selection and not a predictable variant.

      1. brotherelf
        Boffin

        Sorry, if it doesn't have an adjustable iteration count, it's not a modern password hash algorithm.

        (And no, I don't make the individual UX/load/security tradeoff for every individual machine either, even though for local auth on a desktop, where the password is checked only on login/unsuspend/screenunlock, I could easily set the iteration count to the equivalent of half a second without any serious effect.)

        1. Michael Wojcik Silver badge

          Sorry, if it doesn't have an adjustable iteration count, it's not a modern password hash algorithm.

          Even that isn't enough. If it's not memory-intensive (and not just compute-intensive), it's not a modern password hash algorithm. The state of the art has moved on from simply using large-range cryptographic digests with salts, like SSHA512. Simple adjustable-compute-cost algorithms like PBKDF2 (with common PRFs such as HMAC-SHA2) and bcrypt are starting to get long in the tooth.

          Argon2 and scrypt qualify as a modern password hash algorithms.

      2. Joe Montana

        DES

        The DES algorithm used by ancient unix systems (ie the one mentioned in this article) is also salted.

        But it only supported a maximum length of 8 characters, so increasing the length was not possible.

        It was good enough at the time, and easily swapped out with a stronger algorithm.

        1. Julz

          Re: DES

          Kind of worse than that. The interface accepted an arbitrary input character/string length but only used the first eight to generate the hash.

          1. Carpet Deal 'em

            Re: DES

            Hopefully this was the same for both the login and password creation screens. There are lots of fun sites that only truncate one and not the other,

            1. Anonymous Coward
              Anonymous Coward

              Re: DES

              It annoys me that websites that have arbitrary password rules don't show them on the login page.

              "So, was this the site where the password had to include the phase of the moon on my 18th birthday?"

              1. Wayland

                Re: DES

                Yeah so you're forced to include a number when you created the password but your usual password is not working when you come to log in. That is sort of the point.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: DES

                  Well yes, but I have a scheme to work out a password based on the website I'm on so I don't have to hold hundreds of different passwords in my head. Arbitrary rules breaks it.

                  1. This post has been deleted by its author

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: DES

                      Trust a third party with all of my passwords. Great idea.

                      1. This post has been deleted by its author

                        1. Roland6 Silver badge

                          Re: DES

                          >You run the password safe on your own machine. It's not in the cloud.

                          Okay if you only run one device etc. etc.

                          Once you start using multiple (real/virtual) devices (ie. ubiquitous computing) you need that safe to be in the cloud and sync'd.

                          We, in IT, need to simply accept that Joe Public will want to write credentials down and will want to use simpler passwords. Yes, there are security risks however, we can mitigate some by good design of the login process (specifically the handling of failed attempts, but also use additional information to increase effective password length) and others by appropriate security of the at rest credentials on the server.

                          1. Doctor Syntax Silver badge

                            Re: DES

                            "you need that safe to be in the cloud and sync'd."

                            What if that option were not available to you? How would you handle it? You'd just sync one device to another directly. Or do you genuinely have a situation where you never have two devices in the same place at the same time?

                            1. Roland6 Silver badge

                              Re: DES

                              "you need that safe to be in the cloud and sync'd."

                              What if that option were not available to you? How would you handle it?

                              Well, to me 'cloud' is both public and private, what is key is simplicity of access and sync. which implies some form of networked solution.

                              You'd just sync one device to another directly.

                              Interesting, distributed/mesh credential management. definitely possibly via bluetooth. Support for personal area networking is probably a must have feature for credential managers going forward.

                              Or do you genuinely have a situation where you never have two devices in the same place at the same time?

                              Well, I genuinely have times when devices are in the same place but on different networks, but both with internet access. Yet both could be associated via the same bluetooth/personal area network.

                    2. Anonymous Coward
                      Anonymous Coward

                      Re: DES

                      Also another reason why this is a terrible idea:

                      When my girlfriend asks "What's the password for the Sainsbury's account again?"

                      1. This post has been deleted by its author

                        1. Roland6 Silver badge

                          Re: DES

                          You pick the 'phone up, access your private database on it with your master password, and read her the supermarket password.

                          How it works in the real world:

                          My partner and children know my phone's unlock code - it helps them answer the phone, send messages on my behave whilst I'm driving.

                          Because it is inconvenient to always have to enter the master password (typically 12+ characters), the "keep me logged in" is ticked. But as this is the Sainsbury's account, my partner already has the password on their devices...

                          An increasing pain (when running joint accounts etc.) is the upgrade of security on online bank card transactions, where as part of the transaction the bank sends a code to a (and it is only one) mobile phone - which naturally isn't the one to hand...

                        2. Michael Wojcik Silver badge

                          Re: DES

                          you can run the password safe on your cellphone. It's that portable device you have

                          Right up until you don't have it, because you forgot it, or the battery ran down, or you lost it, or it was stolen, or it broke.

                          Yes, let's use a physical key that's difficult to copy, valuable, and fragile. That's a terrific idea. Nothing could possibly go wrong there.

                    3. Michael Wojcik Silver badge

                      Re: DES

                      Staple Horse Battery is incorrect. Here's why:-

                      https://diogomonica.com/2014/10/11/password-security-why-the-horse-battery-staple-is-not-correct/

                      (Sigh. You could at least try to get the phrase correct.)

                      Monica makes some decent points, but he's arguing a different question. His complaint about Munroe's comic is ill-founded. He also relies on incorrect assumptions.

                      First, he claims "As a community we did a great job incentivizing the use of bcrypt and scrypt, and humiliating those who use bad password hashing mechanisms". That is utter rubbish. In breach after breach we see disclosures of password-verifier databases that do not use strong hashing mechanisms. It will be years before there's a decent probability that exposed verifiers won't use weak hashes. And unless a user knows that the entity computing the verifier is using a strong hash, long passphrases beat short passwords with a complex alphabet. Munroe is completely correct about that.

                      Second, even against resource-intensive hash algorithms like scrypt and Argon2 (bcrypt is not in the same class, since it's only CPU-intensive), dictionary attacks with reasonable-size dictionaries still work well. And users often still choose weak passwords that appear in such dictionaries.

                      Third, Monica fails to consider attackers who steal resources (e.g. using leaked AWS keys), and attacks which iterate over IDs using the same password, avoiding lockout and common throttling mechanisms. Assuming that brute-force is only feasible for nation-state attackers is flat-out wrong.

                      Finally and most importantly, Monica's basic argument is that human-memorized passwords are the wrong protection model, and we should encourage something else. Well, essentially everyone in IT security has been saying that for decades. It's not a controversial or underexposed position. And it's irrelevant to questions about how to structure strong human-memorable passwords, which is still a requirement unless you want users to rely exclusively on other classes of verifiers (the "what you have" and "what you are" classes). And there are significant issues with the latter position, which introduces a significant attack surface with some very bad failure modes.

                      In any case, arguing against human-memorized passwords does not respond to Munroe's comic. It's a different threat model. You can't claim to make motorcycles safer by telling everyone to ride the bus instead.

                      1. Doctor Syntax Silver badge

                        Re: DES

                        "attacks which iterate over IDs using the same password"

                        There's another place where chances are being lost - using the same ID on multiple sites. It doesn't help that so many sites insist on using the customer's email address as an ID and most people only have one. Dishonourable exceptions in my case are bank and GP both of whom allocate reasonably predictable IDs.

                    4. Andy Mac

                      Re: DES

                      I’m nit sure if anyone looks at the those passwords, they just script something to push all the hacked accounts at different sites to see what sticks.

                      As a side note, an 8 char password of lowercase letters and numbers of mine was lost as part of the Adobe hack. According to Have I Been Pwnd, it’s never been cracked.

                    5. werdsmith Silver badge

                      Re: DES

                      The password based on the site is fine as long as you use an obscure formula to create it. You only have to remember the formula and it can obfuscate the link to the site.

                    6. John Robson Silver badge

                      Re: DES

                      Not incorrect, just incomplete.

              2. MX9000

                Re: DES

                Yes, with encrypted databases to store passwords, it would be great if site could specify their MAXIMUM Password length, they'll accept. A full string support would be nice, or at least 256 characters.

                1. EnviableOne

                  Re: DES

                  if the password is hashed it doesnt matter how long it is, as the hash will always come out the same length.

                  So there should be no maximum length, unless the people storing it are doing something dodgy.

                  1. FlippingGerman

                    Re: DES

                    Trying to give some a terabyte-sized password would cause a few problems. Reasonable limits seem...reasonable.

              3. red floyd

                Re: DES

                Yeah. I hate it when I create a password, and then the site says, "Your password must have ${RULE1}".

                So I try again with a password that meets ${RULE2}, and it says, "Your password must ${RULE2}".

                Just give me the bloody rules UP FRONT!!!

                1. heyrick Silver badge

                  Re: DES

                  "Just give me the bloody rules UP FRONT!!!"

                  And please make the rules reflect the importance of the site, too.

                  One of the most complicated passwords I have is for ARM just to download a frigging datasheet.

                  Upper case, lower case, numerical, a symbol, eight hundred characters minimum, three runes, a curse in Arameic, and letters in at least six different colours. WTF? To download a datasheet?

                2. Michael Wojcik Silver badge

                  Re: DES

                  Not that long ago I had to create a password for some site that simply told me a password was "unacceptable", with no further details. Now I've forgotten what site it was. I think I simply gave up and didn't create an account.

                  And I remember some time back using one which silently removed "special characters" from the password entry fields - and used different filters for password creation and user authentication. Took a while to figure out what was going on there.

                  (Of course, any application which has to filter out special characters from user input is broken and the developers should be sent for remedial training. Injection attacks are a real problem, but you fix them by not passing tainted data into evaluation mechanisms, not by blocking user input. Just the other day I was asked to write a comment on a site which - again silently - stripped out most punctuation characters, including semicolons, parentheses, and hyphens(!). As if those aren't fairly important in English prose.)

              4. FIA Silver badge

                Re: DES

                It annoys me that websites that have arbitrary password rules don't show them on the login page.

                If you're going to artificially limit the brute force search space it's probably best not to advertise it on the front door. ;)

                1. Doctor Syntax Silver badge

                  Re: DES

                  I agree you shouldn't show them on the login page. But show them on the password setting page.

        2. Roland6 Silver badge

          Re: DES

          >It was good enough at the time, and easily swapped out with a stronger algorithm.

          Well given what was involved:

          "The cracking effort took more than four days on an AMD Radeon RX Vega 64 running hashcat at a rate of about 930MH/s."

          I suggest it is still good enough for many purposes today.

          Obviously once someone creates the relevant rainbow table things are a little different.

          1. J27

            Yeah...

            That's a fairly typical gaming CPU. You could crack the same password using a cluster of cheap cloud-hosted servers much faster. People who crack passwords professionally use much more powerful hardware than that of a typical gaming desktop.

        3. Persona Silver badge

          Re: DES

          I recalled that was the case too. Anything you typed after the first 8 characters was truncated and did not affect the hash.

          All of which is a bit odd as the password guessed by the computation is 13 characters. This suggests it is not Ken's password but something else that when not truncated hashes to the same value.

          1. mr_souter_Working

            Re: DES

            no, the hash is 13 characters - but the password was p/q2-q4! - only 8 characters

            1. Persona Silver badge

              Re: DES

              Duh! That makes more sense

          2. This post has been deleted by its author

        4. vulture65537

          Re: DES

          https://www.usenix.org/publications/login/december-2003-volume-28-number-6/end-crypt-passwords-please

          December 2003 article on the limitations of old DES crypt()

        5. nagyeger
          Stop

          Re: DES

          and easily swapped out with a stronger algorithm.

          Pardon? Easily? I remember it as a major headache back when I was doing it in the early 90s.

          But maybe you're thinking of when people started trusting this modern shared library malarkey and blithely accepting the risk of taking out every method of logging into the machine just because of a transient data error on your SCSI bus, rather than doing it the traditional way of using static linking for anything that was recovery-critical.

      3. DavCrav

        "Meanwhile, each character added to lengthen your password *exponentially* increases the time needed to brute-force it, as long as it is actually a random selection and not a predictable variant."

        It's still exponential unless there is a unique predictable way to extend it.

        1. Wayland

          Your password cracker should be programmed to try 1,11,111 and 1,12,123 type of variations first before going through the whole ASCII set.

      4. Anonymous Coward
        Anonymous Coward

        It's not the speed one iteration of the algorithm that's important, but the rounds. If you run 1000 rounds of DES it would take a lot longer to brute force.

        1. J27

          Yeah...

          Or you could just use a more complex hash format. There are lots that don't suffer from some of the cryptographic weaknesses that DES does.

      5. Roland6 Silver badge

        >as long as it is actually a random selection and not a predictable variant.

        For some versions of "predictable".

        Having got Ken's password and understood the notation being used, it is entirely predictable.

        1. Anonymous Coward
          Anonymous Coward

          "Having got Ken's password and understood the notation being used, it is entirely predictable."

          Hindsight is always 20-20 vision.

    4. Joe Montana

      DES

      On a unix system yes, the algorithm would have been DEScrypt.. Many years ago someone built an FPGA setup which could brute force any DES password in a few hours.

      DES passwords also had a maximum length of 8 characters, so it simply wasnt possible to have a longer password.

      Modern unix systems would use crypt-md5, crypt-sha512 or bcrypt which are much stronger than DES and support much longer passwords.

      On the other hand, even the latest versions of windows still use NTLM which is based on MD4. They also use an AES based algorithm as well, but it's not possible to migrate entirely to a new algorithm like unix can because the hashing algorithms are an inherent part of network authentication protocols among other things - so the newer algorithm can largely just be ignored.

      NTLM is not salted, although it does support longer passwords than DES, generally NTLM is even faster to crack than DES - especially if you're going after multiple hashes in parallel.

      You can also in many cases pass the hash, which renders the encryption algorithm totally irrelevant anyway as the hash becomes an equivalent of plaintext.

      1. Anonymous Coward
        Anonymous Coward

        Re: DES

        > On the other hand, even the latest versions of windows still use NTLM which is based on MD4. They also use an AES based algorithm as well, but it's not possible to migrate entirely to a new algorithm like unix can because the hashing algorithms are an inherent part of network authentication protocols among other things - so the newer algorithm can largely just be ignored.

        This hasn't been entirely true for some time now. Plain old Windows, configured for basic local auth, will still use NTLM/MD4, but that's one of many auth options, even for home users.

        Network authentication has been standardised on Kerberos/AES for years, though unfortunately MD5-based Kerberos is still a necessary evil for places that still insist on running 15 year old domain controllers.

        1. Anonymous Coward
          Anonymous Coward

          Re: DES

          Look, how many more times?! We only want Windows information from Linux users so we can carry as we always have. Much easier to have massive knowledge of Linux and a fleeting aquatintance with Windows than actually be competent on both.

          So post things like "ha ha, Windows is so old fashioned and badly designed that you can't do real work on it!" and you'll fit right in.

          1. Will Godfrey Silver badge
            Angel

            Re: DES

            But, but...

            What about the beleaguered commentards who'd rather not have any Windows information at all?

        2. Anonymous Coward
          Anonymous Coward

          Re: DES

          > necessary evil for places that still insist on running 15 year old domain controllers

          Or for places that have old line-of-business stuff running on old Solaris boxes that are still on an old version of Solaris.

          Like wot we used to.

          (The version of smbd supplied couldn't accept anything other than NTLM and newer builds of smbd wouldn't build..)

      2. phuzz Silver badge
        Gimp

        Re: DES

        It's worth pointing out that NTLM (and NTLMv2 which uses HMAC-MD5) have been depreciated since 2009, and if you're administering a Windows network these days you should totally disable NTLM and just use Kerberos with AES instead.

        1. Dangermouse 1

          Re: DES

          Deprecated, not depreciated :)

          1. This post has been deleted by its author

          2. Anonymous Coward
            Anonymous Coward

            Re: DES

            Only bean counters are authorised to depreciate.

            1. The Oncoming Scorn Silver badge
              Terminator

              Re: DES

              & certain androids equipped with the new GPP feature.

              He's a personality prototype - You can tell can't you.

              https://miro.medium.com/max/480/1*FbuZTlwr8BkpQw7ElHCisg.jpeg

      3. Antron Argaiv Silver badge
        Thumb Up

        Re: DES

        I had occasion to crack the root password on an ancient SGI Indigo Irix system several years back.

        Logged in on a demo account, grabbed the /etc/passwd file, moved the appropriate line to my PC, and

        John the Ripper produced the correct root password in less than the amount of time it took me to get a cup of coffee.

      4. Jason Bloomberg Silver badge
        Holmes

        Re: DES

        DES passwords also had a maximum length of 8 characters, so it simply wasnt possible to have a longer password

        Though one presumes a longer than 8 character password could be split into 8 character chunks, with padding as necessary, hashed separately, then concatenated.

    5. Anonymous Coward
      Anonymous Coward

      "As I understand it an eight character password would have been hashed in a much less secure method back then than now. Modern passwords are hashed in such a way as to take a long time to compute in order to resist brute-force attacks."

      While the less secure hash method (likely 25 rounds of DES salted with MD5) is an issue, the length offers little protection against a determined attacker. This took 4 days on hardware worth around £1000 (£770 for a PC, £300 for a RX Vega 64 GPU).

      Using a faster setup as detailed here (a mid-range Brutalis at $25k - https://terahash.com/#appliances) you get the performance documented here:https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40

      This raises the hash rate from ~1GH/s to 200GH/s for MD5/24GH/s for SHA256/8GH/s for SHA512 so an 8 character password will be found in under a day regardless of hash used assuming it is a crypt password.

      Realistically, you want double that password length or longer for anything important. Which then leads to the "use a password manager" advice.

      1. Roland6 Silver badge

        >Using a faster setup ....

        This raises the hash rate ... so an 8 character password will be found in under a day regardless of hash used assuming it is a crypt password.

        Very useful information, however, given the typical password breech of recent times- a million or so sets credentials, what does this mean?

        I suggest that most purposes eg. El Reg login, an 8 character password is sufficient, provided it is based on an uncommon pattern involving mixed alphanumeric and symbol characters. Naturally, as the password breeches have also shown, much depends on how the passwords have been hashed, salted (or not) and stored.

        1. rcxb Silver badge

          I suggest that most purposes eg. El Reg login, an 8 character password is sufficient, provided it is based on an uncommon pattern involving mixed alphanumeric and symbol characters

          So... P@55w0rd!

          You're just so much better off with a nice long passphrase. Four random words, slightly randomized variations of their spelling, capitalization, spacing, etc., and you're extremely secure, with no more effort than memorizing a super complex string of random characters. The only valid excuse I've seen for short passwords is cumbersome input devices on phones and the like.

          1. Charles 9

            Or terrible memories. As I always put it, "Was it correcthorsebatterystaple or donkeyenginepaperclipwrong?"

        2. Anonymous Coward
          Anonymous Coward

          It means that for a typical password breach consisting of e-mail addresses and passwords consisting of salted (so we can't use a precomputed table) SHA256 hashes, we can manage 24 billion hashes (gigahashes or GH) a second on a dedicated hacking rig.

          Number of hashes required for a typical password is ((# of possibilities)^(characters in password))/(hash rate/s * time)) to get days required:

          Characters

          Password set 8 10 12 14

          Alpha (lower): <1hr 2hr 46d 85yr

          Alpha(upper/lower): 1hr 70d 516yr 1.3Myr

          Alpha+Numbers: 3hr 1yr 4.3Kyr 16.3Myr

          Alpha+numbers+symbols: 3d 88yr 808Kyr 7.5Byr

          This assumes worst case where the entire password space must be exhausted. With dictionary attacks, passwords from previous password dumps and common password patterns (i.e. word##/word19##/wordword##/wordword19## using dictionaries and then same again with symbols as first or last character, common letter/number/symbol substitutions and foreign language dictionaries based on e-mail domain - there are more common patterns as well) you may only need to 1% of the total time to get >90% of the passwords based on typical dumps (https://wpengine.com/unmasked/).

          My opinion?

          - 8 characters or less is a day or twos effort on a standard gaming PC with a GPU that works with hashcat.

          - a 10 character "complex" password is likely to be cracked in under a year if you exist in a previous hack or a common pattern.

          - 12 characters means you are probably safe with a complex password against a single determined attacker

          - 14 characters should be safe with crypt, even against multiple attackers or attackers with significant resources

          - 16 characters will likely still be secure in 5 years. If you are concerned about quantum computing delivering significant increases in performance, move to 20 characters.

          1. Roland6 Silver badge

            There has been a variety of good theoretical feedback.

            It would be interesting, given the password lists now in the public domain that form the basis of HaveIBeenPwned for example. To run one of these lists through a cracker to see how many passwords get cracked in say 6, 12, 24, 48 hours, to put some real world handle on these theoretical calculations...

            Perhaps some security researcher has already done this?

            1. Anonymous Coward
              Anonymous Coward

              There are 555,278,657 unique passwords in https://haveibeenpwned.com/Passwords

              It would take a matter of seconds to create the hashes for a single, known salt on most modern PC's will likely generate the list at >100M passwords a second. If you have openssl installed, "openssl speed sha512" will give you a good idea of the CPU's hash speed - if you wish to use hashcat, you will also need OpenCL support installed.

              If you don't know the salt, then you need to do this for every possible salt to build a rainbow table - assuming Linux with a SHA512 password, the salt is either 2^48 (i.e. 8 characters of base64) or 2^96 (upto 16 characters are specified in the spec but I'm not aware of any mainstream OS's using this) so you still require a lot of time and storage to produce this.

              Which leads onto "how do we easily find the salt value?"

              If the passwords have been stored securely with SHA512 (i.e. modern Linux), the answer is likely luck in brute forcing the salt, but at 2^48 you have reduced the strength of the password dump to that as finding one salt allows you to quickly find a large percentage of the others and the remaining brute force is significantly easier. But even with a large resource dedicated to this and continuing technology advances, you are looking at more than 2^20 years (i.e. 3x10^10 seconds in a year, 2x10^10 hashes a second, 1x10^7 hosts for a distributed effort).

              However... in many of the dumps in the wild, the salt is either not used (i.e. LinkedIn's password dump - ref:https://queue.acm.org/detail.cfm?id=2254400) or there are other weaknesses (i.e. NTLM stored as two 7-character hashes or some IDAM applications require reversible encryption to be enabled on AD for full AD integration) that may make this much easier and once you have usable usernames/passwords, password re-use may get you a long way.

              Back to how this affects you, as you only have trust to protect you with third parties, long passwords and avoiding password re-use are the only real options for avoiding a password compromise on one service spreading to other services that you use.

    6. hmv

      True, but if you're relying on that fact to keep your hashed password hashed then you're likely to be disappointed. Whilst modern crytographic hashing algorithms are designed to be computationally expensive, compute time is cheap.

      For example, my password cracking rig (an old and slow box) can attack bcrypt hashes at about 1/10 the rate it can attack md5 hashes. So a 7-character password could be exhaustively checked in days rather than hours.

  3. A Bee

    He didn't immediately respond to a request for comment...

    ... as he was too busy resetting all his passwords.

    1. Phil O'Sophical Silver badge

      Re: He didn't immediately respond to a request for comment...

      On the positive side, it doesn't show up on Have I been Pwned yet.

    2. Anonymous Coward
      Thumb Up

      Re: He didn't immediately respond to a request for comment...

      Damn, you beat me to it.

    3. Captain Scarlet
      Coffee/keyboard

      Re: He didn't immediately respond to a request for comment...

      Glad I wasn't drinking tea when I saw this comment!

  4. Simon Harris
    Mushroom

    The only winning move is not to play...

    How about a nice game of chess?

    1. JimboSmith

      Re: The only winning move is not to play...

      Welcome Professor Falken.

      1. The Oncoming Scorn Silver badge
        Alien

        Re: The only winning move is not to play...

        Not for Sorin\Fenric either.

      2. Anonymous Coward
        Anonymous Coward

        Re: The only winning move is not to play...

        *greetings* professor Falken.

  5. Hans 1
    Angel

    Go to https://github.com/dspinellis/unix-history-repo

    Continuous Unix commit history from 1970 until today

    [...]

    The files appear to be added in the repository in chronological order according to their modification time, and large parts of the source code have been attributed to their actual authors. Commands like git blame and git log produce the expected results.

    awesome

    1. Doctor Syntax Silver badge

      Thanks for that link. Awesome indeed.

    2. C_D

      Monumental

    3. anothercynic Silver badge

      That is awesome! OMG!

      1. Androgynous Cupboard Silver badge

        From me too. Anyone tried compiling the first revision yet? Although "with what" is probably the next question - not sure how a modern C compiler would do on 1970's era code. It's a sort of "reverse bootstrap" problem.

  6. Crazy Operations Guy

    I have to thank ken for my passwords

    Years ago, I realized that memorizing a password was a pain in the ass while memorizing command strings was second nature. So, for the most part, my passwords are based on unix commands. So like my passwords would look like:

    "mv /var/log/secure.0 /mnt/Filer01/home/logs/$(hostname)/" or "chmod 644 /var/log/Postfix/auth.log.bz2"

    A command I typed on a nearly daily basis, many characters long, complete with numbers symbols, upper and lower case. I could even write it down on a piece of paper, or accidentally type it into a chat session and no one would even suspect it was my password. As a hint to myself, I might write down just the last part of the command. Periodically, I'd hack random characters into chats and instruct everyone to ignore it, or write something like that on a sticky note, just to throw people off.

    So I thank ken for creating Unix and giving me something to base my passwords on (And also for all the benefits that Unix brought to the world). But also for having a password that reaffirms my strategy: Something he likely typed in -a lot- or wouldn't stand out from his normal typing.

    1. Yet Another Anonymous coward Silver badge

      Re: I have to thank ken for my passwords

      If your passwd is "rm -rf /" make sure the correct window has focus before typing it....

      1. Danny 2

        Re: I have to thank ken for my passwords

        You shouldn't even type that here, it's a brain worm. I was slapping away at a Sun when a young developer in the open plan office confessed happily to everyone in ear shot that he'd previously deleted his machine. I thought, what an idiot. Then he said, "Oh no, I've done it again", and I thought what a moron.

        And then I did it myself. When you are coding, and someone inserts a thought into your code, well, I dislike open plan offices. Coders should have sound proofed booths.

        1. C_D

          Re: I have to thank ken for my passwords

          And the more annoying ones encased in a block of concrete, sunk to the bottom of the Thames. Yes.

          1. Carpet Deal 'em
            Devil

            Re: I have to thank ken for my passwords

            Such shallow thinking. If you're not willing to pay for a trip to the Challenger Deep, you don't deserve quiet.

          2. WolfFan

            Re: I have to thank ken for my passwords

            Oy! The Thames is polluted enough as it!

        2. Blane Bramble

          Re: I have to thank ken for my passwords

          "Coders should have sound proofed booths."

          You'll never cope with having kids if you have that attitude to disturbances. Learn to focus.

          1. Captain Scarlet
            Alien

            Re: I have to thank ken for my passwords

            I always find children are easily distracted with Lego

            1. MJB7

              Re: Children are easily distracted with Lego

              This works with programmers too.

          2. Jimmy2Cows Silver badge
            Trollface

            Re: Learn to focus

            Learn to have a sense of humour.

            1. Captain Scarlet
              Devil

              Re: Learn to focus

              Or at least blow your top and post in ALLCAPS.

          3. Updraft102

            Re: I have to thank ken for my passwords

            Why would I need to cope with having kids? It's about like me (a male) coping with having a period.

          4. MX9000

            Re: I have to thank ken for my passwords

            << Found the manager loosing Millions in Lost Coder Productivity.

          5. Charles 9

            Re: I have to thank ken for my passwords

            It's kinda hard to focus when the background noise exceeds 90 dB. That and the occasional point-blank shouts straight to your ear. The only kind of person who can ignore such a level of noise would be DEAF. And even they will have trouble when the murmur reaches the low frequencies that are more felt than heard, approaching Brown Note territory.

        3. Anonymous Coward
          Anonymous Coward

          Re: I have to thank ken for my passwords

          "And then I did it myself. "

          Many years ago:

          In a crowded terminal room - someone interrupted me as I was typing a file erase command. On resuming I hit send - then realised in horror that I hadn't completed the command line beyond the directory name.

          Apparently someone had also done that with a major statistics application source directory - which had not been archived owing to an ongoing system problem. They had to retype it from printer listings. In the process they discovered several bugs that affected the validity of the application's previous results.

          1. Doctor Syntax Silver badge

            Re: I have to thank ken for my passwords

            " statistics application ... retype it from printer listings. In the process they discovered several bugs that affected the validity of the application's previous results."

            Let me guess. FORTRAN. Misspelled variable names. Been there, done that.

        4. CrazyOldCatMan Silver badge

          Re: I have to thank ken for my passwords

          Coders should have sound proofed booths

          Better make it airtight as well :-)

        5. Anonymous Coward
          Anonymous Coward

          Re: I have to thank ken for my passwords

          "Coders should have sound proofed booths."

          Some would say air-tight would be better !

          <\joke>

      2. TheMeerkat Silver badge

        Re: I have to thank ken for my passwords

        You need to make it longer for security. What about prefixing it with “sudo”?

        1. Ian 55

          Re: I have to thank ken for my passwords

          sudorm (etc) would indeed be safe if you accidentally typed it as a command...

        2. Yet Another Anonymous coward Silver badge

          Re: I have to thank ken for my passwords

          >You need to make it longer for security. What about prefixing it with “sudo”?

          Real programmers are logged in as root,

          1. Doctor Syntax Silver badge

            Re: I have to thank ken for my passwords

            Real BOFHs certainly are.

      3. Hans 1
        Boffin

        Re: I have to thank ken for my passwords

        That password is very safe on Solaris and hence OpenIndiana, thank you very much ...

      4. redstarwilly

        Re: I have to thank ken for my passwords

        Many years ago, late one night, I was working on a make file. Tired, I used a path something like '~/temp' in the make file. Ran make, then did an ls. I noticed that there was a directory called '~' in the directory that I was building in. So, figuring out that '~' isn't automatically expanded in make files, I rectified the mistake and then, to get rid of the mistakenly created directory I typed: 'rm -rf ~', and hit enter.

        It seemed strange that it was taking so long to delete a few temporary build artifacts. A few minutes later (remember that I was very tired), the command was still running. A couple of minutes after that, I realised what I'd done. Just about to Ctrl-C, and the command finished.

    2. JBowler

      ARM slowed down to help Intel marketing department?

      On the other hand, I taught myself an 8 letter utterly random password and it keeps still working, no chess, no meaning, nuttin. Humans can remember 8 characters (latin alpha, upper plus lower, digits, no need to add spurious extra non-EBCDIC characters, whatever). Machines canne guess them, sorry capt'n, we donna have the CUDA cores, or the whisky, whatever.

      1. Baldrickk

        Re: ARM slowed down to help Intel marketing department?

        Not as easy when you have to remember 80-odd of them (I have 86 random passwords stored in my password manager) and 8 characters is pretty short now.

        That said my usual home desktop user password is 7 characters because I cba to keep typing a long one all the time... whoops.

        My new one is 23 characters, and I'm in the process of switching...

        1. Anonymous Coward
          Anonymous Coward

          Lots...

          ... of passwords. Currently 525 showing in my password manager. There's no way I'm remembering 525 8 character passwords, let alone 525 passwords varying in length from 12-64 characters (12 because some developers are morons and limit the number).

        2. Updraft102

          Re: ARM slowed down to help Intel marketing department?

          My Linux account password may or may not be on the short side, and for the same reason, but the passphrase to unlock my LUKS encrypted SSD might be in the teens of digits (with both being random strings to which I have applied a mnemonic to remember).

        3. MX9000

          Re: ARM slowed down to help Intel marketing department?

          Can't you update your home machine to a Mac and use your fingerprint?

          1. RNixon

            Re: ARM slowed down to help Intel marketing department?

            My home machine is a Mac, and I can't unlock it with a fingerprint.

    3. This post has been deleted by its author

    4. Doctor Syntax Silver badge

      Re: I have to thank ken for my passwords

      "A command I typed on a nearly daily basis, many characters long, complete with numbers symbols, upper and lower case. I could even write it down on a piece of paper, or accidentally type it into a chat session and no one would even suspect it was my password."

      That depends on who sees it. Folk like us could be deceived but there are plenty of people who might see that on your desk, think it makes no sense and start wondering whether it's a password.

  7. Blockchain commentard

    In this day and age, with vast computational power and cheap storage, why hasn't someone created a database of all possible password (up to say, 64 characters) and put next to them the md5, sha356 etc hashes.That way, you search for the md5 hash and find all the possible plain text passwords. I know some people would use it for evil, but I'm sure it'd be more helpful for sysadmins etc.

    1. irrelevant

      You are talking about Rainbow tables. These are freely available, if huge, but are much less useful these days as stored passwords should now be salted, so that two hashes of the same password will result in different values.

      1. Joe Montana

        Should be

        Should be salted, but often aren't...

        Windows still uses NTLM, which is not salted.

        Various developers try to roll their own password storage mechanism instead of relying on a tried and tested one, and in 99% of cases they manage to make something with serious weaknesses.

        1. sabroni Silver badge

          Re: Windows still uses NTLM, which is not salted

          Windows can still use ntlm but defaults to more secure methods. I'm sure if you tried hard enough you could get old insecure algorithms running on Linux.

          Stick to the domain you have expertise in.

        2. Jou (Mxyzptlk) Silver badge

          Re: Should be

          D*mmit - the NTLM mentioned several time here is DOS / Win3.x / Win98 time.

          Server 2008 (non R2) and Vista were the last which Win98 and DOS could contact over the network, albeit needing a few modifications on the servers to be let in. Window Server 2008 R2 it was still possible as well, but required A LOT more effort, and a non-2008-R2 active directory if you needed that. With Server 2012 on: No dice, every old crypto shit of those old OS-es is blocked, especially in AD environments. To all those "Windows NTLM" screamers out there: Update your brain to spec and stop referring to Win OS-es older than two decades.

          Unless you do the same for every old OS version out there, which will make you run away screaming from every computer.

      2. Snowy Silver badge
        Paris Hilton

        Confused

        I thought the method was the password is hashed/salted then compared with the stored value, if they do not match the password is incorrect.

        Unless you are saying the hashed/salted values would be different if the salting method/value is different?

    2. doublelayer Silver badge

      You want to store a rainbow table of up to sixty four characters? Well, among other things, that's:

      94^64+94^63+94^62+...+94 = ~1.926*10^126 password options (using the 94 characters from the standard ASCII printables)

      Assuming we store a compressed version of that string that takes, on average, 20 bytes and we also store only a 256-bit hash (32 bytes), that's

      1.926*10^126 passwords * 52 bytes/password * 1 terabyte / 1099511627776 bytes =

      9.112*10^115 terabytes of storage

      Using the rough numbers of 600 grams for a 3.5-inch hard drive, which we assume stores 16 terabytes, and has a cost of $200 U.S., this would produce a set of hard drives weighing 3.417*10^114 kg and costing $1.139*10^117.

      In other words, your rainbow table would weigh about 1*10^75 times the mass of the sun and would cost so much that, even if you diverted the gross world product to pay for it, you'd need to continue long past the death of that sun to pay it off.

      1. Lee D Silver badge

        And that is why password hashes work at all.

        If it was as simple as just "making every combination" and storing it somewhere, people would have done it decades ago.

        Next question - how many ways can you organise/shuffle a standard 52-card pack of cards? Just a bog-standard pack of cards.

        Now: How long do you think it would take to make every possible set of cards if you just sat and did it deliberately? Hint: You're going to need to start reproducing at some incredibly rate to provide helpers, and even then it'll likely take you millions of years.

        Have a look at http://project-rainbowcrack.com/table.htm

        A rainbow table for MD5, for instance, for all the easily-typable ASCII characters, for passwords up to length 7 is 27 GB.

        A rainbow table for length 10, but only alphanumeric characters, is hundreds of gigabytes.

        From there, it explodes out of hand very quickly.

        There's a reason we tell you to use passwords greater than 8 characters. And I'll let you into a secret... no matter what your wife says, only length matters. All the complex characters etc. do almost nothing to increase the difficulty. But adding one single character to the length can multiply the complexity by orders of magnitude immediately.

        1. Hans 1
          Paris Hilton

          And I'll let you into a secret... no matter what your wife says, only length matters.

          Oh, come on, spice also plays a pivotal role.

          1. Aladdin Sane

            Only if you walk without rhythm.

            1. 404

              Keeps the worms from paying attention, but we also have thumpers...

          2. Anonymous Coward
            Anonymous Coward

            re: no matter what your wife says, only length matters

            Science disagrees. Girth is far more relevant to sensation. How deep do you think vaginas are, exactly?

            1. Anonymous Coward
              Anonymous Coward

              Re: re: no matter what your wife says, only length matters

              If you don't already know, then the real answer isn't going to help you.

          3. sum_of_squares
            Trollface

            You're more the "it explodes out of hand very quickly" type, eh?

          4. The Oncoming Scorn Silver badge
            Paris Hilton

            & the spice must flow.

        2. AIBailey

          How long do you think it would take to make every possible set of cards if you just sat and did it deliberately?

          That reminds me of something I read a while back that puts it in perspective:

          "Say that there exists 10 Billion people on every planet, 1 Billion planets in every solar system, 200 Billion solar systems in every galaxy, and 500 Billion galaxies in the universe. If every single person on every planet has been shuffling decks of cards completely at random at 1 Million shuffles per second since the BEGINNING OF TIME, every possible deck combination would still yet to have been "shuffled"."

          1. Bill Gray

            52! = 8.06e+67 (roughly)

            We have 10e+9 * 1e+9 * 200e+9 * 500e+9 = 1e+42 people on the job

            Each checks a million a second, so we're going through 1e+48 combos/second

            It ought to take about 8.06e+19 seconds

            There are about pi * 1e+7 seconds in a year, so about 2.56e+12 years

            The universe is about 13.8 billion years old, so we'd be about 0.5% done.

            I started this out thinking I might show you were wrong. Obviously, we're _way_ behind on the job... time to start populating the universe, building lots of playing card factories, and practicing our shuffling skills.

            1. Aladdin Sane
              Coat

              Practising your shuffling skills makes populating the universe less likely.

        3. Anonymous Coward
          Anonymous Coward

          ... no matter what your wife says, only length matters. All the complex characters etc. do almost nothing to increase the difficulty. But adding one single character to the length can multiply the complexity by orders of magnitude immediately.

          Good advice, but why do people always refer to the the number of characters in a password as its length? On my screen it's quite clearly width.

          1. drand

            You're holding it wrong.

        4. ExpatZ

          The only correct answer here so far.

          Spot on.

          Pass phrases and/or hardware tokens are the way now and for the forseeable future.

        5. Loyal Commenter Silver badge

          There's a reason we tell you to use passwords greater than 8 characters. And I'll let you into a secret... no matter what your wife says, only length matters.

          Well, yes and no.

          Dictionary tables, containing a few thousand different common words, and an algorithm that subsitutes '1's for 'i's, '0's for 'O's etc. in all available combinations, adding in common combinations of numbers and symbols before and/or after the word can crack many passwords pretty quickly, even if the word they are based on is "flocinocinauhinipilification".

          I'm no security expert, but to take a keen interest in such matters. IIRC, the general approach to cracking an a file of unknown password hashes (lets say we have 10,000) would be:

          1) Check against a list of "top 1000" most common passwords - this will probably get you 85% of them in a few seconds.

          2) Perform a dictionary attack on unsubsituted words (and common anmes / phrases) - probably get you another couple of %, in a few minutes, depending on the password policy in use (i.e. no "must contain a funny character / number" rules)

          3) Perform a dictionary attack with substitutions; this will probably get you another 10%, perhaps in minutes/hours

          4) If the hashes are unsalted, you can use a rainbow table. Depending on the amount of space you have, this will crack all passords up to however many characters you have the table for (lets say 8) in the time it takes to seek the index (fractions of a second per password). (this is why we salt passwords)

          5) Brute force the remaining 5% (lets say we have 500 left). Depending on the length, and the hardware you have available, this is going to take anything from minutes (passwords of fewer than 8 characters) to months (passwords of ~12 characters) to years (more than that) for each password.

          As you can see, length is important if you want to protect against an attacker brute-forcing a password, but at the same time, not choosing an obvious password (such as "Password123" or "Correct Horse Battery Staple" or "ManUnited4Ever") is more important, especially since attackers will typically go for low-hanging fruit. If you set weak passwords for things, you're also more likely to re-use those passwords, and potentially be an easier target for things like phishing as well.

      2. Anonymous Coward
        Anonymous Coward

        Not sure...

        ...as it's been a long time, but I think your maths is off a bit?

        nPr would be 94! / (94 - 64)! which is ~4.1 * 10^113, so still very big numbers.

        1. doublelayer Silver badge

          Re: Not sure...

          Sorry, but that calculation is not sufficient. You're getting the combinations of 64 characters that can come from a set of 94 possibles. But since characters can be repeated, there are actually 94^64 options. However, since a 63-character password is not one of the set of 64-character passwords, it becomes that series I wrote instead. Either way, it's a bunch of numbers. But just in case you have access to the biggest hard drive and processor factory ever, make sure you check all permutations and all lengths lower than your limit or your rainbow table will have gaps.

        2. This post has been deleted by its author

      3. Jimmy2Cows Silver badge
        Pint

        Exemplary analysis! Almost Swiftian in its Rapier-like subtlety. Thank you.

      4. Wayland

        So if anyone has already built such a Rainbow table then we're looking for a computer the size of several universes.

        1. The Oncoming Scorn Silver badge
          Joke

          Shut up & get back to the business of cracking the latest password required for the user(s).

      5. CheeseyDJ

        3.417*10^114 kg is actually many, many orders of magnitude larger than the mass of the entire universe.

      6. hmv

        I'm not sure how widely rainbow tables are used these days, but your size calculation may be a bit off - ntlm_mixalpha-numeric#1-9 (NTLM hashes all combinations of alpha-numeric shorted than 10 characters) is roughly 700GBytes in size.

        1. Loyal Commenter Silver badge

          So, that's 700Gb for hashes of all passwords up to 9 characters in length (The size of a standrard hard disk), 94x that size, for 10 characters (66 Terabytes, the size of a large comms room disk array), 94x that size for 11 characters (6.2Pb, the size of a pretty big data centre), 94x that for 12 characters (580Pb, about twice the size of CERN's data centre storage) ... (64! - 9!) x 94 that size for 64 characters (we're going to need a bigger multiverse).

    3. d3vy
      FAIL

      "In this day and age, with vast computational power and cheap storage, why hasn't someone created a database of all possible password (up to say, 64 characters) and put next to them the md5, sha356 etc hashes.That way, you search for the md5 hash and find all the possible plain text passwords. I know some people would use it for evil, but I'm sure it'd be more helpful for sysadmins etc."

      Indeed... and then why havn't we created the same tables with every conceivable salt applied to the inputs?

      I think we might run into storage problems....

  8. Grikath

    few days?

    "But given that Thompson's eight character password hash was cracked in a few days,....."

    On modern hardware, using modern algorythms.... I very much doubt that anything they had in the day could have brute-forced that password in any time within a human lifetime. (And remembering the extortive rates for run time in the day, you'd need the budget of a moderately-sized industrialised nation to even try...).

    1. oldtaku Silver badge
      Unhappy

      Re: few days?

      The article is pointing out that the advice is STILL to use 8 character passwords (minimum). Which is a terrible recommendation. You need a lot more than that.

    2. Doctor Syntax Silver badge

      Re: few days?

      "I very much doubt that anything they had in the day could have brute-forced that password in any time within a human lifetime."

      It depends which day. The Cuckoo's Egg by Cliff Stoll is an interesting read. I can't remember the period to which it relates but I think it was the 386 era. Someone had hacked into a system he looked after and he discovered they'd copied the passwd file. In those days passwd contained actual passwords. They came back a few days later using some cracked passwords.

      The passwd file needs to be universally readable so that programs can look up the owner name of a file from its numerical owner, e.g. ls -l That's why we don't now have passwords in passwd but in shadow.

      1. Roland6 Silver badge

        Re: few days?

        >The Cuckoo's Egg by Cliff Stoll

        The core events in the book were 1986~1987.

      2. Jou (Mxyzptlk) Silver badge

        Re: few days?

        "The passwd file needs to be universally readable" hold it hold it...

        Never heard of /etc/shadow ? So you are about 30 years behind. THIRTY YEARS!

        From https://en.wikipedia.org/wiki/Passwd#Shadow_file

        Password shadowing first appeared in Unix systems with the development of SunOS in the mid-1980s, System V Release 3.2 in 1988 and BSD4.3 Reno in 1990.

        1. Doctor Syntax Silver badge

          Re: few days?

          Hey, you must have been reading my post where I explained just why we do that.

    3. Lee D Silver badge

      Re: few days?

      Exactly... that password has been "in the open" since 1979 in one way or another, certainly exposed, and certainly since 2014 it's been known about.

      The effort to crack such things is intense even today, and takes someone specifically looking at decrypting EXACTLY that old, decrepit hash, just for fun. They did quite well, considering. And in any live system, that password would have gone through dozens of hash updates and upgrades. It didn't do bad for something that was probably written before I was born!

    4. PerlyKing

      Re: few days?

      I very much doubt that anything they had in the day could have brute-forced that password in any time within a human lifetime.

      And yet here we are, less than a human lifetime later.... Progress!

      1. DavCrav

        Re: few days?

        "And yet here we are, less than a human lifetime later.... Progress!"

        Yes, that's the interesting thing about long run times. Often the best thing to do is to save your money for the first few years and buy a better computer, then solve the problem.

    5. John Robson Silver badge

      Re: few days?

      " I very much doubt that anything they had in the day could have brute-forced that password in any time within a human lifetime"

      Well, the fact that it has been cracked within a human lifetime demonstrates that you are incorrect - the research they had in the day led directly to the GPU that eventually took just a few days.

      Forward secrecy is hard... Although to be honest having a password that took this long to crack was quite good... The character combination would certainly have been unusual, and it was easily memorable.

      1. juice

        Re: few days?

        > " I very much doubt that anything they had in the day could have brute-forced that password in any time within a human lifetime"

        > Well, the fact that it has been cracked within a human lifetime demonstrates that you are incorrect - the research they had in the day led directly to the GPU that eventually took just a few days.

        The original poster was talking about cracking the password using the hardware which was available at the time this password was leaked. I.e. 1979.

        That's 40 years ago. Let's see - where's that beer mat?

        *scribble*

        Applying Moore's Law, that's about 25 cycles of exponential performance improvements. I.e. today it took 4 days, but 18 months ago it would have taken 8.

        And 4^25 days is a number big enough that Google's built in calculator switches to e notation (1.1258999e+15, fact fans). But with a bit of tinkering, it comes to 3,084,657,279,020,000 *years*, if you had attempted to brute force the password with 1979 technology. Cry havoc and set loose the Apple ][!

        Yes, it's a gross oversimplification - Moore's Law hasn't really applied for a few years, this was done on consumer GPU hardware, and no doubt there was special hardware and algorithms clutched firmly in the claws of various secret agencies, even then. But hey. There ain't that much room to scribble on this beer mat...

        1. Wayland

          Re: few days?

          "Applying Moore's Law, that's about 25 cycles of exponential performance improvements. I.e. today it took 4 days, but 18 months ago it would have taken 8."

          That's pretty good. The fastest hashing AMD GPU 18 months ago was an R9 390x with half the hash rate of the VEGA which came out about then. VEGA also uses about half the power to work twice as fast.

          There are farms of these VEGA cards mining crypto. Even a 4 card rig could probably do it in a day.

        2. ibmalone

          Re: few days?

          It's an interesting point of semantics, the hardware available in 1979 has been used to create the next generation of hardware, and then the next generation of hardware and then...

          Ultimately they used a better algorithm than straightforward brute-forcing, which was to build better technology first and apply that.

          There's a real lesson though, don't judge the expected lifetime of your security measures against today's hardware. If in 1979 Ken Thompson had relied on his password being secure past 2019 based on what brute-forcing with then-available technology could do he would now be out of luck.

          1. batfink

            Re: few days?

            Yes - and who seriously cares if a password can be cracked in 40 years' time?

            A lot of the original players will have passed on, and if we're talking about nation-state secrets, then we're talking history.

            Having said all that - Ken can be pleased with himself...

        3. Bill Gray

          Re: few days?

          Kinda surprised nobody's pointed this out : Moore's Law posits a _doubling_ of computing power every 18 months. You've got it as a _quadrupling_; it's 2^25, not 4^25. You also have it as 25 quadruplings times nothing in particular, rather than 25 quadruplings starting from four days.

          So we really ought to be thinking that 40 years ago, it would have taken about 4(2^25) days to crack this password, or about 370,000 years. Still a long time, I grant you. But not 200,000 times the age of the universe.

          1. juice

            Re: few days?

            > Kinda surprised nobody's pointed this out : Moore's Law posits a _doubling_ of computing power every 18 months. You've got it as a _quadrupling_; it's 2^25, not 4^25. You also have it as 25 quadruplings times nothing in particular, rather than 25 quadruplings starting from four days

            Fair point - I should have paid more attention when scribbling on the beer mat ;)

      2. d3vy

        Re: few days?

        @John.

        Yes, but its been cracked by modern hardware many orders of magnitude more powerful than anything that was available at the time which is what the OP was referring to.

        1. Wayland

          Re: few days?

          We know what the original poster was referring to but that was an artificial situation not real world.

          If you lock something valuable with a crypto-key which takes 80 years to crack with present hardware it does not mean you have 80 years. That's the important point here.

        2. John Robson Silver badge

          Re: few days?

          One of the best methods of optimising HPC tasks for decades has been to "buy next years computer instead".

          This is a (slightly protracted) version of that.

          The low interest (given that it only took a few hours on current hardware - it would only have taken a few days for the last few years) is what kept the secret for 40 years - the early leak, and the fact that it resisted (niche) efforts for even a small number of years is still impressive - but does also show that password entropy is really important.

          Forward secrecy is really hard - how long you want something to remain secret depends on how disposable it is... If it's a login that you can revoke and set a new token then it only needs to be reasonable.

          If it's protecting a file which you speculate might be released in it's encrypted form (i.e. you don't trust your cleaners, or it must be transmitted across non owned networks) then you might want it secret for a lot longer than 40 years... and that becomes very difficult indeed.

    6. James Anderson

      Re: few days?

      But even then you have to get hold of the passwd file to do even that.

      In this century you would need the shadow password file which requires root access, and, a rainbow file would not help as a random “salt” is added to the password before encryption.

      The biggest problem is complex password rules which demand a mixture of lower and upper case plus a number and a special character, which requires a post it note to remember.

      A minimum of 12 any character you choose would provide better security.

  9. BucktoothBever

    What?!?!

    That's the password to my luggage!!!

  10. Anonymous Coward
    Anonymous Coward

    DES - flashback

    For the youngsters out there, DES was the "Data Encryption Standard".

    Mandated for American security.

    Gotta love the NSA. They made sure that the key was short enough for their servers to crack in months.

    1. Baldrickk

      Re: DES - flashback

      Interestingly enough, when they looked at DES before it was released, they suggested changes to the S-boxes used.

      Those changes made little sense at the time, but were implemented.

      It was about 20 years later when differential cryptanalysis techniques first surfaced in a research paper, it was found that these changes made it far more resistant to this type of attack.

      Which of course means they knew about differential cryptanalysis back then.

      Give with one hand, take with another I guess.

  11. dwodmots

    They'll never guess this one.

    Incorrect horse battery staple.

    1. Neoc

      Re: They'll never guess this one.

      Obligatory: https://xkcd.com/936/

    2. Oh Matron!

      Re: They'll never guess this one.

      Came here to see this, not disappointed.

    3. Refugee from Windows

      Re: They'll never guess this one.

      So much for a password hint - your password is incorrect

      1. d3vy

        Re: They'll never guess this one.

        "your password is incorrect"

        Suggesting that I've at least got a valid user name... half way there :)

    4. Baldrickk

      Re: They'll never guess this one.

      https://nakedsecurity.sophos.com/2012/08/13/correcthorsebatterystaple-dropbox-wit/

  12. sbt
    Boffin

    Well, there's your problem

    No capital letters.

    On second thoughts, I imagine the iterations over character classes goes lc, digits, uc, symbols, based on common usage patterns. So you can probably still get the complexity benefits for brute-force resistance of uppercase letters even if you don't actually include them, but still use symbols. The uc letters will be checked anyway, but more symbols puts the check of your password at the back of the list; brute forcing "aaaaaaaa" must be pretty fast, but ";;;;;;;;" slow.

    1. Yet Another Anonymous coward Silver badge

      Re: Well, there's your problem

      GPU crackers run in parralel there isn't much advantage in using zzzz

      1. sbt
        Boffin

        GPU crackers run in parallel;

        Even massively parallel brute-force searches have to run through the search space in a certain order. Not all at once.

        I'm counting on the guess that 'aaaaaaaa' will be checked really early, long before ';;;;;;;;', which I'd expect to be later, at least for combinations of that length. That is unless the algorithm checks repetitive combinations before pseudorandom ones, which would be a good idea.

    2. ThatOne Silver badge

      Re: Well, there's your problem

      Genuine question: Apparently having series of the same letter ("aaaa") in a password is a bad idea, isn't it? So what about that same series of letters appearing mixed with other letters, like "a+a#a%a"?

      My point being that "a+a#a%a" is pretty similar to "aaaa+#%", which apparently is supposed to be a bad password. Many passwords (especially long ones) have repeating letters, do those reduce entropy? And if not, why is "2Tz~K£aaaa" a worse password than "2Tz~K£qwhu" (no repeating letters)?

      .

      (Just wondering, I like to understand.)

      1. Killfalcon Silver badge

        Re: Well, there's your problem

        Kinda?

        A 'true' brute force tries literally every combination until it hits one. These don't care about repeated characters at all.

        Cleverer solutions try to focus on "most likely" strings. Lists of common passwords, dictionary words with a number at the end or the standard vowel replacements (i=1, e=3, etc), and easily memorised patterns.

        If your repeated letters drop you into one of the Known Patterns, it'll be cracked sooner, though odds are very good it won't. In reality, the person setting the password rules is going on gut feel and trying to stop users doing daft things like making their password "aaaaaaa1!", and implementing rules they think will help.

        Then the original coder leaves the company and no-one else knows why these rules were picked, so they all assume there's a good reason...

        1. ThatOne Silver badge

          Re: Well, there's your problem

          Sure, but simply going by the password cracking tools, is "password%%%%" easier to crack than "password#%$&"? All right, the "password" part is a common dictionary word, but what I'm wondering is if the four characters added to it will/should/might obfuscate the hash so the cracker needs to brute force the whole thing like if it was all random. And in this case, would be "password####" really easier to crack than "password#%$&"?

          The idea is to defend yourself against what will attack you, so if it's all the same for password crackers, you could possibly use a password like "password++++++++++++++++++++++++", which is 32 characters long and yet very easy to remember ("password" and 24x "+"). All right, I admit that from a purely theoretical point of view it has less entropy than a 32-character password like "nB!y8s#ey8$aw&I1ga2x?t3-6+86K=OA", but is its hash really easier to crack? I don't think you could find that in rainbow tables, I think that calculating the hash of any dictionary word with a random amount of a random number of repeated characters after it would create a unmanageably huge list, which puts you beyond the reach of ordinary (lazy) hackers (obviously if your password protects the crown jewels you might want to go the hard way and avoid that kind of cheat.)

        2. keithpeter Silver badge
          Coat

          Re: Well, there's your problem

          Arrived here late. If anyone is still reading...

          Suppose I put batteryhorsestaple in a Playfair like grid of (say) 5 by 4 squares like this

          batte

          ryhor

          sesta

          pleXX

          and then read the grid top to bottom in columns giving

          brspayelthsetotXeraX

          have I just defeated the probability based crack strategy and dropped down to brute forcing a 20 character passphrase? Or do the crack algorithms look at permutations like this?

          1. ThatOne Silver badge

            Re: Well, there's your problem

            > do the crack algorithms look at permutations like this

            I don't know, but I seriously doubt it. It's about the exponentially increasing amount of possibilities: You chose a 5x4 grid, but you could as well have chosen a 4x5 one, or a 3x4 (and so on). At some point it becomes impractical to try to find any hidden dictionary words and you just brute force the whole thing.

            Some permutations are obvious, "password" can be "PaSsWoRd" or "p455w0rd" (and so on), so it's easy to check for those as just as many new dictionary words, But then there are the less obvious modifications. For instance ROT-13 might be count as obvious, but what about ROT-[my first girlfriend's birthday divided by my car's license plate]? Too many possibilities to check for, so for all intents and purposes it's a totally random string.

      2. James Anderson

        Re: Well, there's your problem

        Computationally “aaaaaaa” is just as difficult to crack as “dN#s@%-“. It’s about the order of the guessed password.

        So any practical password cranking algorithm will start of trying “password”, “secret” etc. before going on to more complex patterns.

        1. ThatOne Silver badge

          Re: Well, there's your problem

          Thanks.

          So there is a point in making passwords you can't/don't want to write down (at that time) insanely long, by adding a rather big amount amount of repeated characters. It's very easy to remember "my parents' names and 58 times the symbol '§'", or even better, "17 times '@', my parents' names, then 41 times '§'".

          Even if the adversary knows you might be using such a scheme, due to the huge size of the final password I guess it must take quite some time to crack, especially if you put the dictionary word(s) somewhere in the middle of the repetition, forcing the adversary to check all possibilities one by one.

          Just an idea.

    3. hmv

      Re: Well, there's your problem

      It can be tuned (the John the Ripper file is interesting enough that it looks like a beginner's sendmail.cf), but it's usual to start with words (and word transformations). When it comes to brute-forcing, I suspect that it's based on frequency analysis of cracked passwords.

      One thing I always point out in reference to word transformations when someone suggests one, is that professional password crackers have already thought of every transformation that we've thought of, and then some.

  13. Sorry that handle is already taken. Silver badge

    "who wondered whether Thompson might somehow have used uppercase or special characters"

    Do uppercase or special characters require some kind of hack to use?

    1. Yet Another Anonymous coward Silver badge

      Re: "who wondered whether Thompson might somehow have used uppercase or special characters"

      No just a bigger search space.

      The number of possible 8 letter strings of 26 lower case letters is much (6000x) smaller than the combinations of 8 of 95 printable ASCII character symbols

      1. Sorry that handle is already taken. Silver badge

        Re: "who wondered whether Thompson might somehow have used uppercase or special characters"

        It was the use of the word "somehow" that threw me, as if it was something that would be unexpected or thought impossible.

    2. Baldrickk

      Re: "who wondered whether Thompson might somehow have used uppercase or special characters"

      I was wondering the same thing... It could be that early unix only accepted lower case and standard symbols. Putting in something like the BEL character (Ascii #7) is decidedly uncommon.

      the word "somehow" is suggestive that it wasn't usually possible.

      https://retrocomputing.stackexchange.com/questions/12523/could-you-use-uppercase-or-special-characters-in-a-password-in-early-unix

      1. dajames

        Re: "who wondered whether Thompson might somehow have used uppercase or special characters"

        I was wondering the same thing... It could be that early unix only accepted lower case and standard symbols. Putting in something like the BEL character (Ascii #7) is decidedly uncommon.

        I did once try creating a password with a BEL (Ctrl+G) in it, on a Westrex teletype connected to a mainframe. The distinctive ding of the teletype's bell when the password was entered was a dead give-away for anybody watching one type it in!

        Not recommended.

      2. Doctor Syntax Silver badge

        Re: "who wondered whether Thompson might somehow have used uppercase or special characters"

        IIRC control characters including backspace were acceptable.

  14. NATTtrash
    Joke

    Oh dear!

    So my passwords 123456 and qwerty are not good?

    1. Ken 16 Silver badge

      Re: Oh dear!

      No, too short and you need numbers and funny characters, try Password1 or Password1!

    2. I ain't Spartacus Gold badge
      Happy

      Re: Oh dear!

      My password is: AZERTY

      They'll never guess that!

      1. CrazyOldCatMan Silver badge

        Re: Oh dear!

        My password is: AZERTY

        [clickety-clickety-click]

        Why - so it is!

        And you should be ashamed at some of the pictures you are storing..

        1. I ain't Spartacus Gold badge

          Re: Oh dear!

          How dare you! Lamb and mint sauce is a classic combination!

          I have nothing to feel baaad about.

    3. The Oncoming Scorn Silver badge
      Coat

      Re: Oh dear!

      That's amazing. I've got the same combination on my luggage.

  15. Danny 2

    Whistled passwords

    In one job I spent most of my time on other companies sites surrounded by their employees, often with another colleague at the other end of the room. We so often had to pass passwords that a developer came up with a shared code based on song titles that we could whistle to each other without anyone realising.

    It was obviously a flawed system given not everyone could whistle and didn't share common songs always, but I'd just moved there from a council where the way to find out the sys admin password was to shout across a crowded room, "What's the password?" and they'd shout it back.

    To this day all my unimportant pass phrases can be whistled, just out of nostalgia. I think the tune is an aide-mémoire.

    1. I ain't Spartacus Gold badge
      Happy

      Re: Whistled passwords

      What happens when the same tune has more than one lyric?

      For example 'God Save the Queen' can also be the American 'My Country 'Tis of Thee' or the national anthem of Lichtenstein...

      It's still a great system though.

    2. CrazyOldCatMan Silver badge

      Re: Whistled passwords

      song titles that we could whistle to each other without anyone realising

      Cool. I'll use Rumble Fish Twist by the Flower Kings. *Everybody* knows that one - right?

      Mind you, the intro is a tad difficult to whistle unless you are an expert whistler..

      1. Yet Another Anonymous coward Silver badge

        Re: Whistled passwords

        Biometric passwords in the form of interpretative dance?

        1. Danny 2

          Re: Whistled passwords

          Interdimensional travel through interpretative dance is the plot of the surprisingly good "The OA".

          A woman trying to chat me up once said I was very graceful, and asked what forms of dance I did. I blew my chances by telling her I didn't ever dance. Idiot, she wasn't actually asking me to dance, I could easily have lied and said foxtrot or something.

          1. Yet Another Anonymous coward Silver badge

            Re: Whistled passwords

            > I could easily have lied and said foxtrot

            Amateur, you should have made up Elbonian folk or Mayan freeform or somethign so that when you cock up she wouldn't know

          2. DavCrav

            Re: Whistled passwords

            "Interdimensional travel through interpretative dance is the plot of the surprisingly good "The OA"."

            Is this a new definition of the word good that I am not familiar with? Try Season 2.

            1. Danny 2

              Re: Whistled passwords

              Aye, they should have either cancelled it after the first season or commissioned it for a third season.

              The first season was excellent though, far better than Stranger Things or Dark. Each episode was so tangential yet cumulative and substantial.

              The opening sequence of the main protagonist jumping off a bridge to kill herself was defining of the concept.

  16. This post has been deleted by its author

  17. Spanners
    Big Brother

    Proof of XKCD

    This is still valid...

    https://xkcd.com/936/

    1. PeterO
      FAIL

      Re: Proof of XKCD

      5hrs late though !

      1. I ain't Spartacus Gold badge
        Happy

        Re: Proof of XKCD

        Oh no! https://xkcd.com/936/ is my actual password!

        I thought it was good because of all the special characters...

        1. Danny 2

          Re: Proof of XKCD

          That's a far more secure password than http://xkcd.com/936/

  18. Jakester

    Back in the Day...

    I worked with a VAX 11/780 with the VMS operating system around 1980. Passwords were hashed to a 16bit word. The interesting thing was it used the same password algorithm as the Radio Shack Model 1 computer. It was a simple matter on either system to go into debug and change the password hash to a null password.

  19. Anonymous Coward
    Anonymous Coward

    My ISP assigns passwords - with no option to make your own strings. They use a random combination of about six short-ish words. How effective is a brute force approach for guessing those?

    1. Brangdon

      It depends on the size of the dictionary they use. If it has 4096 words, then 6 words taken from that has 2^(12*6) = 2^72 combinations to try, which is reasonable for most purposes. 6 words is significantly stronger than 4 words. They might be using a larger dictionary, too.

    2. d3vy

      As always the answer is "It depends"

      If the person trying to crack the PW knows that its 6 random short words then they can factor that into their attempts at cracking the password which reduces the amount of possible combinations considerably.

      If they don't know anything about the password they are cracking and they need to brute force it using random combinations of letters six short words is considerably safer than eight random characters (Easier for a human to remember too - so less likely to be written down).

      Factor in a decent salt and I wouldn't have too many concerns about this at all.

      Many of the passwords I have to anything important are made up of words or short phrases.. if you're really paranoid misspell one of the words...

      Its never going to be un-crackable (As the article demonstrates, over a sufficient amount of time, nothing is) but you're definitely into the realms of it being unfeasible for the foreseeable future.

    3. dajames

      My ISP assigns passwords - with no option to make your own strings. They use a random combination of about six short-ish words. How effective is a brute force approach for guessing those?

      Is this RFC2289? That, as written, uses six words from a dictionary of 2048 to represent six groups of 11 bits that encode a 64-bit number (with a bit of juggling to get 66 bits from 64).

      If so, there are 2^66 possible different combinations of words, of which only 2^64 are actually used.

      RFC2289 is quite old, now. It describes using MD4, MD5, or SHA-1 digest algorithms in a password generation function. Given the general weakness of passwords I would think that RFC2289 with SHA-1 would still be regarded as better than a user-chosen password, but one could update the algorithm to use a better hash function -- but then one would probably want to use more than 64 bits of the digest output, and so would end up with more than six words in the password.

      1. Anonymous Coward
        Anonymous Coward

        "[...] uses six words from a dictionary of 2048 [...]"

        Presumably the set of 20148 words are chosen by each implementation - rather than being prescribed by the RFC?

        Without access to the details of that "unique" set then cracking it has to assume a much larger dictionary of possibilities. However - a subscriber could repeatedly request new passwords and thus map the permissible set to some extent.

    4. The Oncoming Scorn Silver badge
      Boffin

      Ahhh the ghost of Pipex rears it's head.

  20. Groaning Ninny

    Ken top posts?!

    1. Peter X

      Yeah, that was bothering me too!!

      Bet he used an iPad or something to write his reply as well. ;-)

  21. STOP_FORTH Silver badge
    Holmes

    Hacking Ken

    But if you know he's interested in chess, surely you only have to try twenty passwords?

    Unless he's playing black.

    (Icon - "The chess mysteries of Sherlock Holmes" - most excellent read.)

    1. JoeCool Silver badge

      Re: Hacking Ken

      Are you thinking opening moves only ? doesn't have to be. Castling, end game scenarios, "isolation" exercises. And it could be a sequence of moves.

      1. STOP_FORTH Silver badge

        Re: Hacking Ken

        It's only 8 characters, so it can't be more than one move.

  22. LeahroyNake

    Windows xp

    I remember being able to use a Linux boot CD to either reveal or set new Windows XP passwords in a few minutes.

    Not had to try getting local admin with W10 yet but I assume the forcing of those 3 questions when you make a local account will not help security.

    1. Yet Another Anonymous coward Silver badge

      Re: Windows xp

      Ntml passwords used a very weak hashing function and iirc only used the first 8chars

      It was also trivial to edit the password store and write a null password

    2. Anonymous Coward
      Anonymous Coward

      Re: Windows xp

      "I remember being able to use a Linux boot CD to either reveal or set new Windows XP passwords in a few minutes."

      One of the first lessons I learned as a junior systems programmer many, many years ago To get past an O/S's security - treat its filestore as data for an unrelated O/S.

  23. hayzoos
    FAIL

    Current password guidance

    There is so much wrong with all the "current" password guidance out there. First, the PHB types don't bother to check the timestamp presenting generation(s) old guidance as current. Then you have the lazy dev types only implementing the minimums but leaving out select special characters because their input checking is non-existent and have to avoid SQL injection, but technically current guidance. All the stupid rules only allowing this, disallowing that. So I type "WTF?RuStup1d!?" only to be presented with password too long, getting my answer. You gotta love those password strength gauges, a strong password in as little as six characters. There's too many chefs in the kitchen, the good password guidance soup is overloaded with ingredients; it is both watered down and over spiced at the same time with no real substance. But hey, it's an acquired taste.

  24. knottedhandkerchief

    How did they know when it was cracked?

    1. ibmalone

      Because Ken confirmed it. (Or appeared to.)

      Otherwise, being pedantic, they wouldn't know they had arrived at the original password. All they'd know is they've found a string that produces the original stored hash. Though, as that's all you need to get past a log-in mechanism that's checking against that hash, you can consider it cracked.

  25. ExpatZ

    8 character passwords are no longer recommended and have not been for a couple years now because of the ease with which they are compromised as the latest demonstraton shows.

    Content does not matter, even special characters have negligible benefits in a hash this short these days.

    Use pass phrases where your admins allow.

    Pass phrases are snippets of something that you can remember that make a sentence or nearly a sentence.

    A good one had I not just used it on a public forum would be something like:

    Don't panic and remember to bring your towel.

    That is 42 characters long and won't be crackable until quantum computers are available over the next decade or so.

    It is also very easy to remember and not really all that slow to type.

    And it is secure, for now.

    Pass phrases people: use them, love them, be secure.

    1. HxBro
      Facepalm

      FFS

      Don't panic and remember to bring your towel....

      I now have to change my password

    2. ibmalone

      Though, if it's a direct quote from a book it will potentially be prioritised in brute forcing over more random phrases.

      Part of the intent behind "correcthorsebatterystaple" is that the words should be selected randomly, the process XKCD is referring to is called dice passwords and the real intent there is you have a fairly large table of words and select them using dice (which can be done without a computer or relying on computed random numbers, meaning the entropy is as guaranteed as it ever can be). There are other similar schemes and recommendations that don't have the dice component.

      The space of phrases available in all published books is still pretty big, and you can add a few more bits of entropy by adding some random transformations to them, but the space of all possible combinations of fairly short sequences of words in any language rapidly becomes far greater.

      1. Charles 9

        Then comes the problem when you have a terrible memory and, so to speak, dice the dice. Thus my common riposte "donkeyenginepaperclipwrong," four similar words in a different order. I'm still looking for a solution compatible with no extra software AND very bad (say geriatric) memory.

        1. keithpeter Silver badge
          Coat

          "I'm still looking for a solution compatible with no extra software AND very bad (say geriatric) memory."

          There comes a time when you just need a small black book and a pen. Then you can do things like take the first two letters of each word in a text, or use a Playfair type grid &c.

          https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

          Coat: mine's the one with the All Weather Notebook in the pocket

          1. Charles 9

            VERY bad memory cannot be solved with mnemonics; they forget the mnemonics. In this case, they'll lose track of which two letters or not figure out how they set up their grid. Or they could just lose the book like they do their car keys or phone every other day (and forget it, they're too proud to ask for help).

  26. IceC0ld

    took their time :o)

    Thompson, who helped create Unix and the Go programming language among many other accomplishments, acknowledged the feat by offering his congratulations. He didn't immediately respond to a request for comment.

    so, if the man himself was still around, why not just ask him, and save all this palaver :o)

    just call it social engineering if you were to write it up of course

  27. kirk_augustin@yahoo.com

    DES backdoor

    We always knew DES encryption had a backdoor and was intended to be cracked. The U. of Waterloo proved that many decades ago.

    Having the secure file of hashed passwords has always been known as being reversible.

    There is never going to be a way of preventing that.

    That is because you do not have to get the right password.

    All you need is to end up with the same hashed result.

    And that is never computationally hard, just slow.

    1. ibmalone

      Re: DES backdoor

      Having the secure file of hashed passwords has always been known as being reversible.

      There is never going to be a way of preventing that.

      That is because you do not have to get the right password.

      Going to be a bit pedantic: actually your third sentence here means the first one is not true. If hash collisions are possible then the hash isn't reversible. Of course, that's not the challenge in cracking passwords, the possibility of exact collisions doesn't really make it much easier to attack a hash (unless you're using passwords with a lot more entropy than the hash can store).

  28. The Dogs Meevonks Silver badge

    I've been using an 8 character password for almost 20yrs and so it's never been hacked... However, for the last few years I've retired the variations of that one and switched to a new formula. 2 words and a minimum of 4 digits that is linked in some random way to the site I am using it for.

    That means on average my passwords are now 15-20 characters, both upper/lower case and numerical.

    So for example... say you've got an account on a food site where you get recipe's and nutritional advice.... a password could be GrandmothersCupcakes1975.

    I've found that to be far more effective and efficient that creating random passwords It also doesn't hurt to write them down at home because the chances of anyone breaking into my home and searching for tiny little notebook the size of a credit card just to access my account on some random website is pretty non existent.

  29. J.G.Harston Silver badge

    c'mos, all these posts and still nobody has said what p/q2-q4! means. pawn something queen something queen something dark side something.

    1. Anonymous Coward
      Anonymous Coward

      "[...] nobody has said what p/q2-q4! means"

      The Q2 and Q4 are unique identifiers of squares on the board matrix. Where 'Q' is the Queen's column (file) - and the numeric is the row (rank) starting at 1 for presumably White's back row. The ! is presumably an "end of sequence" marker?

      A fairly standard opening gambit. You are moving your Pawn in front of your Queen forward by its permitted two rows in a straight line.

      Here is an insight into the complexity that has to be encoded.

      1. Charles 9

        The aforementioned link points to the kind of notation I'm more familiar with (from the days when the Chessmaster was en vogue). This password appears to use a different kind of notation, as files are normally a simple a-h instead of using piece notation (which can get confusing due to there being more than one bishop, knight, and rook file), slashes aren't used (except in some variants to indicate a promotion), the pawn is normally indicated by a lack of a piece tag, and the ! is normally reserved for noteworthy moves.

  30. iainw

    didn't respond to an RFC...

    lol!

  31. Anonymous Coward
    Anonymous Coward

    Further comments may be found on the mailing list

    Rob Pike finds the whole thing distasteful and someone made a disparaging (but unwarranted) crack against El Reg. (https://minnie.tuhs.org/pipermail/tuhs/2019-October/018930.html et sequuntur)

  32. JulieM Silver badge

    Phun Phact

    If the last two characters of your password are ctrl+U, U then this will interfere with any password-cracking tools, thus rendering your password totally uncrackable!

  33. -tim
    Boffin

    Not all special characters worked 40 years ago

    The tty drivers for the serial port would default to @ and # as line delete and backspace so foo@ was an empty password and 123#456 was the same as just 456.

    1. Charles 9

      Re: Not all special characters worked 40 years ago

      Don't you mean 12456 as the # should only erase the 3?

  34. Count Ludwig
    Joke

    Use your pet's name...

    My cat is called Password123

  35. fredesmite
    Mushroom

    4 days to crack ?

    Why bother ?

  36. Gustavo Fring

    Rx vega 64

    Thats not a typical gaming CPU .. something more midrfange like a Gtx960 or rx480 might be more typical ... but most game on integrated graphics .

    Also breechs are something you shit in but breaches ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Rx vega 64

      No, those are britches. The breech is what you stick in your britches and where the crap comes from (in biological sense, the breech is your butt; in artillery sense, the breech is the back of the gun barrel--think breech-loading). As for a breach, it's normally considered militarily or architecturally: both in a bad way, as it usually means a break in some kind of line or fortification (think hull breach).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like