Initially, Australian blogger and developer Leah Neukirchen couldn’t crack Ken Thompson’s password in the /etc/passwd file she found in an old Unix BSD-3 release. Fast forward 5 years to 2019 and the topic is brought back to stage on the Unix Heritage Society mailing list. Nigel Williams, an HPC system administrator from Hobart, Tasmania was able to crack the password hash in 4 days on a machine with an AMD Radeon RX Vega 64 card, running hashcat at a rate of about 930MH/s. The password was:
Ken Thompson confirmed that this is the password with a short “congrats.” post to the mailing list.
In layman terms, this is a move with the pawn in front of the queen:
The fact that this password eluded the initial cracking efforts shows how important it is to choose a good and strong password.
October, 2019 is CyberSecurity Awareness month, so here are two tips on making your online presence more secure:
- Use passphrases instead of pass-words. A passphrase like – “The birds ate all The seeds” is much more secure than “@#209ds4$”.
- Use a password manager and protect your online accounts with different passwords. Even those built in browsers are better than no password manager at all.