Somewhere around 2014 I found an /etc/passwd file in some dumps of the BSD 3 source tree, containing passwords of all the old timers such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy.
Since the DES-based crypt(3) algorithm used for these hashes is well known to be weak (and limited to at most 8 characters), I thought it would be an easy target to just crack these passwords for fun.
Quickly, I had cracked a fair deal of these passwords,
many of which were very weak.
/.,/.,, which is easy to type on a QWERTY keyboard.)
ken's password eluded my cracking endeavor. Even an exhaustive search
over all lower-case letters and digits took several days (back in 2014)
and yielded no result. Since the algorithm was developed by
Ken Thompson and Robert Morris, I wondered what’s up there.
I also realized that, compared to other password hashing schemes
(such as NTLM), crypt(3) turns out to be quite a bit slower to crack
(and perhaps was also less optimized).
Did he really use uppercase letters or even special chars? (A 7-bit exhaustive search would still take over 2 years on a modern GPU.)
Finally, today this secret was resolved by Nigel Williams:
From: Nigel Williams <email@example.com>
Subject: Re: [TUHS] Recovered /etc/passwd files

ken is done:

ZghOT0eRm4U9s:p/q2-q4!

took 4+ days on an AMD Radeon Vega64 running hashcat at about 930MH/s during that time (those familiar know the hash-rate fluctuates and slows down towards the end).
I’m very happy that this mystery has been solved now and I’m pleased with the answer.
[Update 16:29: fix comment on chess.]
NP: Mel Stone—By Now
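
An added example, not part of the original post: a small audit script that flags accounts still stored as traditional DES crypt(3) hashes in passwd-format data, and computes how long the 8-character limit lets a full search run at the 930 MH/s rate quoted in the e-mail. The sample file is constructed (only ken's hash comes from the post), and the function names are this example's own.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
DES_MAX_LEN = 8  # crypt(3) ignores everything after the 8th character

# Constructed sample. Only ken's hash comes from the post; the other
# entries and all uid/gid/home/shell fields are made up for illustration.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
ken:ZghOT0eRm4U9s:1001:100:constructed entry:/home/ken:/bin/sh
alice:$6$examplesalt$constructedplaceholder:1002:100::/home/alice:/bin/sh
guest:*:1003:100::/home/guest:/bin/false
"""

def classify(field):
    """Classify the password field of a passwd or shadow entry."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"
    if field[0] in "*!":
        return "locked"
    if field.startswith("$"):
        return "modular"  # $id$salt$hash schemes
    if DES_CRYPT.fullmatch(field):
        return "des-crypt"
    return "unknown"

def audit(passwd_text):
    """Return the account names whose hash is legacy DES crypt."""
    flagged = []
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and classify(parts[1]) == "des-crypt":
            flagged.append(parts[0])
    return flagged

def worst_case_days(alphabet_size, hashes_per_second, max_len=DES_MAX_LEN):
    """Days to exhaust every candidate of length 1..max_len for one salt."""
    total = sum(alphabet_size ** n for n in range(1, max_len + 1))
    return total / hashes_per_second / 86400

if __name__ == "__main__":
    rate = 930e6  # hash rate quoted in the e-mail above
    print("legacy DES crypt accounts:", audit(SAMPLE_PASSWD))
    for name, size in [("a-z0-9", 36), ("printable ASCII", 95), ("7-bit", 128)]:
        print(f"{name:16s} {worst_case_days(size, rate):10.2f} days")
```

Any account the audit reports should be rehashed with a modern scheme at the next login or forced through a password reset, since the 8-character cap bounds the search regardless of how long the chosen password was.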