Friday, October 18, 2019

Pasword part 2

Recently I saw a tweet at twitter stating that “Kens password was hacked”. Apparently somebody had found in 2014 a unix passwordfile, from a very selected group of ITers (you can call them pioneers) and at that time already tried to hack the passwords (unix encrypts the passwords in such way that even admins or a superusers can't decipher them). There were some famous names like Ken Thompson, Dennis Ritchie , Brian Kernighan, Steve Bourne and Bill Joy. We talked about a team which defined in the years ’60 and ’70 the base of all our current ICT. If you would convert those names to topplayers that we would be talking about Steinitz, Tarrasch, Lasker, Reti and Nimzowitsch, no less.

That unix-file with passwords seemed very difficult to crack in 2014. The hardware wasn't as strong as nowadays. 20 words were revealed quite quickly but five resisted. The last man standing was… Ken Thompson, and his password was chess-oriented.

On this site (ken thompsons old unix password cracked) you can read the story. Encrypted unix makes his password “ZghOT0eRm4U9s” and it appeared eventually to be “p/q2-q4!”. In other words, his password was just “d2-d4!”.

Chess-oriented passwords are strong, and that is no surprise: Kens password contains letters, special characters in an apparently illogical sequence. Now that is a trick which I also use. The reason is simple because if you use as password “1.d4 f5 2.e4!”, then you only need to remember “Staunton”. I also remember that as a student in Oostende I logged on the PDP-11 with my name and “e4e5f4” as password.

There are several sites which allow you to test the strength of your password: 2 good sites are and Other sites give you guidelines about which characters you can add, but these two give an indication how long it lasts to crack your password. This indication largely depends on the speed of the computer and as the first site is more conservative (they think that hackers are very well equipped), I prefer to use the first one.

That “e4e5f4” doesn't survive a second (54 milliseconds), but this changes when you use the full notation: “1.e4 e5 2.f4” which requires already 600 years. With a few extra signs “1.e4! e5! 2.f4?” you increase it to 4 billion years. That is not bad for a simple to remember password - you only need to remember "kingsgambit".

Of course the more moves, the better; the French MacCutcheon (1.e4 e6 2.d4 d5 3.Nc3 Nf6 4.Bg5 Lb4) lasts 10^48 years, without using exclamation-marks or question-marks. For people playing this line, it is simple but it is rather long so impractical to use. A rather short one is “Saveedra 6.c7-c8:T!” which  demands already 36 x 10^18 years of calculations, much easier to remember.

If you don't want to remember move-sequences, but rather prefer a chess-name as password, then I can recommend “Roman Dzindzichashvili” (42 x 10^21 years) or “Zurab Azmaiparashvili” (596 x 10^18 years). Have fun en keep it safe!


No comments:

Post a Comment