Spiria logo.

Past imperfect passwords

October 10, 2019.

VT100 video display terminal, Digital Equipment Corporation, circa 1984.

VT100 video display terminal, DEC, circa 1984. CC BY 2.0, Jason Scott.

BSD (Berkeley Software Distribution) is an ancient version of Unix, created 42 years ago. At the time, cyberthreats were today’s cybertreats, and security technologies were much less advanced. For example, the hashing function protecting passwords (DEScrypt), while state of the art 40 years ago, is now child’s play to crack, especially since passwords were limited to 8 characters. Even stranger, the password hashes of some BSD creators were included in publicly available source code. This is how Leah Neukirchen, a German developer, was able to crack the passwords of many of computing’s early pioneers in BSD version 3, dating from 1979.

Dennis Ritchie, co-inventor of BSD, used “dmac” (his middle name was MacAlistair). Stephen R. Bourne, creator of the eponymous Unix shell, chose “bourne”. Eric Schmidt, now the executive chairman of Google Alphabet, relied on “wendy!!!” (his wife’s name). And Stuart Feldman, author of the make Unix tool and the first Fortran 77 compiler, used “axolotl” (the name of a Mexican salamander). One password that was harder to crack (taking four days of computing on an AMD Radeon Vega64 card) was Ken Thompson’s: “p/q2-q4!” — the descriptive notation for a common chess opening.

Ambystoma mexicanum.

Axolotl, Ambystoma mexicanum. WikiMedia, CC BY-SA 3.0.

Ars Technica, Dan Goodin, “Forum cracks the vintage passwords of Ken Thompson and other Unix pioneers.”